DEV Community

Discussion on: Create a simple OTP system with AWS Serverless

Gerardo Eliasib

Excellent post!
I wonder if this implementation limits the number of OTPs generated by email to avoid unnecessary consumption?

Pubudu Jayawardana Author

Thanks for the feedback @eliasibgerardo
In this implementation there is no limitation enforced. However, there are several ways to protect against unnecessary consumption.
Since this OTP functionality is meant to be consumed by already authenticated users, that will reduce the unnecessary usage, since we can track the users who are actually using the system.
Also, at the infrastructure level, we can use Web Application Firewall (WAF) rules with throttling to protect the API endpoints per IP, for example. docs.aws.amazon.com/waf/latest/dev...
Further, at the code level, we can implement our own rate limits per email address using the email address and expiryAt field values.
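The per-address limit described in the last line, as an added example that is not code from the original post or its repository: it assumes OTP rows keyed by `email` with an `expiryAt` epoch-seconds TTL attribute (as the post's table uses), a fixed OTP validity window, and that the handler has already fetched the address's rows from DynamoDB before calling `may_issue_otp`. The limits themselves (`MAX_ACTIVE_PER_EMAIL`, `MIN_INTERVAL_SECONDS`) are assumed values.

```python
from dataclasses import dataclass

OTP_TTL_SECONDS = 300      # assumed validity window of one OTP (matches the row's expiryAt - issue time)
MAX_ACTIVE_PER_EMAIL = 3   # assumed cap on unexpired OTPs per address
MIN_INTERVAL_SECONDS = 30  # assumed minimum gap between two requests for the same address


@dataclass
class OtpRecord:
    email: str
    expiryAt: int  # epoch seconds, the DynamoDB TTL attribute


def active_records(records, email, now):
    """Rows for this address whose OTP has not yet expired (TTL deletion can lag, so filter explicitly)."""
    return [r for r in records if r.email == email and r.expiryAt > now]


def may_issue_otp(records, email, now):
    """Decide whether a new OTP may be generated for `email` at time `now`.

    Returns (allowed, reason). The issue time of each row is recovered as
    expiryAt - OTP_TTL_SECONDS, so no extra column is needed.
    """
    active = active_records(records, email, now)
    if len(active) >= MAX_ACTIVE_PER_EMAIL:
        return False, "too many active OTPs"
    if active:
        newest_issued_at = max(r.expiryAt for r in active) - OTP_TTL_SECONDS
        if now - newest_issued_at < MIN_INTERVAL_SECONDS:
            return False, "requested too soon"
    return True, "ok"


# Constructed sample rows standing in for a DynamoDB query result.
NOW = 1_700_000_000
SAMPLE_ROWS = [
    OtpRecord("alice@example.com", NOW + 280),   # issued 20 s ago, still valid
    OtpRecord("bob@example.com", NOW + 100),     # issued 200 s ago, still valid
    OtpRecord("bob@example.com", NOW - 5),       # expired, TTL not yet purged
    OtpRecord("carol@example.com", NOW + 100),
    OtpRecord("carol@example.com", NOW + 150),
    OtpRecord("carol@example.com", NOW + 200),   # three active -> over the cap
]


def demo():
    """Run the check for each sample address; used by the handler in place of a real query."""
    return {e: may_issue_otp(SAMPLE_ROWS, e, NOW)
            for e in ("alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com")}
```

In a Lambda handler the same check runs on the rows returned by a `Query` on the email key before the new OTP is written, and a refusal should return a generic error so the response does not reveal whether the address is enrolled.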