
Create a simple OTP system with AWS Serverless

Pubudu Jayawardana on September 27, 2021

Intro This post describes how to implement a simple One Time Password (OTP) system with AWS Serverless services which can be used as a p...
Karan Pratap Singh

Great post! What tool did you use for the architecture diagram, Lucidcharts?

Pubudu Jayawardana

Thanks @karanpratapsingh for the feedback.
I use draw.io for these diagrams.

Karan Pratap Singh

Thanks

Wilson

I use it too; it's awesome.

Sakar

In DynamoDB single-table design we can't use TTL. I don't know if it is possible!

Pubudu Jayawardana

Hey Sakar, can you elaborate more on why you cannot use TTL with single-table design?

Sakar

TTL is set for the entire table. In single-table design, we have many entities in the same table. We can't set TTL on a single entity.

Avinash Dalvi

Very well explained post. Thanks for this. 👍🏻👍🏻

Pubudu Jayawardana

Thanks for the feedback @aviboy2006.

3much

Great and useful post. 💯✌

Pubudu Jayawardana

Thanks @3much for the feedback!

Aaron Brighton

FYI, the GitHub repo link is a 404; you may need to make it public?

Pubudu Jayawardana

Just made it public. Thanks for pointing this out @aaronbrighton.

Gerardo Eliasib

Excellent post!
I wonder if this implementation limits the number of OTPs generated per email to avoid unnecessary consumption?

Pubudu Jayawardana

Thanks for the feedback @eliasibgerardo.
In this implementation there is no limitation enforced. However, there are several ways to protect against unnecessary consumption.
Since this OTP functionality is meant to be consumed by already authenticated users, that will reduce the unnecessary usage, since we can track the users who are actually using the system.
Also, at the infrastructure level, we can use Web Application Firewall (WAF) rules with throttling to protect the API endpoints per IP, for example. docs.aws.amazon.com/waf/latest/dev...
Further, at the code level, we can implement our own rate limits per email address using the email address and expiryAt field values.
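
The per-email rate limit sketched in the reply above, as an added example that is not code from the post or its repository. It assumes the stored OTP items carry an `email` and an `expiryAt` (epoch seconds, also the DynamoDB TTL attribute), a 5-minute OTP validity, and a policy of at most 3 OTPs per email in any 15-minute window; a real Lambda would Query DynamoDB on the email key instead of the constructed in-memory list.

```javascript
// Added example (not from the post or its repo): a per-email OTP rate limit
// built from the items the design already stores (`email`, `expiryAt`).
// Field names, constants and the item list below are assumptions.

const OTP_TTL_SECONDS = 5 * 60;  // assumed: an OTP is valid for 5 minutes
const MAX_PER_WINDOW = 3;        // assumed policy: at most 3 OTPs per email
const WINDOW_SECONDS = 15 * 60;  // ... within any 15-minute window

// Constructed sample of what a Query for an email could return. Items whose
// expiryAt has passed remain until the TTL sweep removes them (it lags expiry),
// so they can still be counted, but a window much longer than the TTL should
// not rely on expired items still being present.
const SAMPLE_ITEMS = [
  { email: 'alice@example.com', expiryAt: 1000300 },
  { email: 'alice@example.com', expiryAt: 1000500 },
  { email: 'alice@example.com', expiryAt: 1000700 },
  { email: 'bob@example.com',   expiryAt: 1000100 },
];

// expiryAt was written as issuedAt + OTP_TTL_SECONDS, so the issuance time
// is recoverable without storing a separate timestamp.
function issuedAt(item) {
  return item.expiryAt - OTP_TTL_SECONDS;
}

// Issuance times for `email` inside the window ending at nowSec, oldest first.
function recentIssuances(items, email, nowSec) {
  const windowStart = nowSec - WINDOW_SECONDS;
  return items
    .filter((i) => i.email === email)
    .map(issuedAt)
    .filter((t) => t > windowStart && t <= nowSec)
    .sort((a, b) => a - b);
}

// Decide whether a new OTP may be sent to `email`. When refused, retryAfterSec
// is the time until the oldest in-window issuance drops out of the window,
// which is what an HTTP 429 Retry-After header would carry.
function checkRateLimit(items, email, nowSec) {
  const recent = recentIssuances(items, email, nowSec);
  if (recent.length < MAX_PER_WINDOW) {
    return { allowed: true, retryAfterSec: 0 };
  }
  return { allowed: false, retryAfterSec: recent[0] + WINDOW_SECONDS - nowSec };
}
```

The check runs before the OTP is generated and stored, so a refused request writes nothing and sends no email.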

Wilson

Great post and well detailed. Although I would say DynamoDB Streams is unnecessary; the Lambda that stores the function might as well call the SES service. What do you think?

pawan kumar

Hi, it's a great post, but the send-email function gives the error:
event.Records is not iterable