Receiving external HTTP requests in EC2 instance best practices

Question

My company has a landing page hosted with S3 and a React/Nodejs app hosted using EC2. I have recently been asked to create a form on our S3 website that can collect responses.

Since I need server side capabilities, my initial thoughts were to send a HTTP POST from the client's browser to the Nodejs backend (ON EC2) and save the form's response in a database. This works fine on my local environment. However, I understand that the EC2 instance's security groups wont allow external HTTP requests. I understand that security groups are essential to preventing malicious actors, but I still want to be able to receive these HTTP requests without having to create a whole new architecture.  Is there any way to setup the security group without allowing inbound HTTP access from any address? If not, is there any other easy options?

Any suggestions would be greatly appreciated.

Accepted Answer

Security groups are a way to allow access from specific sources on specific ports.
If you wish to recieve form data from anyone on the internet, you would have to allow access on the ports from anyone..

First thing that springs to mind, is to allow write access (PUT Object) to the S3 bucket and have the form save a file to a folder which no one externally has read access to.

The form would write a file to an S3 bucket with PUT only access from Anyone
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html

https://docs.aws.amazon.com/AmazonS3/latest/userguide/HTTPPOSTForms.html

https://saturncloud.io/blog/how-to-post-form-data-to-amazon-s3-bucket/

Receiving external HTTP requests in EC2 instance best practices

Relevant content