Looking for a best-practice for building serverless application with amplify and api gateway and lambda

0

A customer is building a trivia app for sporting events. One component of the system is a mobile app that communicates with a back-end to get the questions.

They are building the app using Amplify. This will communicate with API Gateway which will in turn call Lambda functions. They are aware that people may try to break the game and are looking for some security best-practices for building the app.

So far, we have been talking about

  • Use WAF with API Gateway
  • Store secrets (such as DB connection strings) using Secrets Manager
  • use Cognito or similar authentication to secure connections with API Gateway

Are there other services or approaches that people would recommend?

1개 답변
1
수락된 답변

Also worth looking at Building an Serverless Airline booking application series on Twitch. All sessions are recorded.

Architect an Airline Booking Application, End-to-End

aws-serverless-airline-booking

AWS
전문가
답변함 5년 전
profile picture
전문가
검토됨 6달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠