Hey thanks for the read! You bring up a very good point to think about, my first thoughts would be IP whitelisting and if that's not possible a lambda custom authroizer (using the hashed key that usually these providers provide) would protect the service in some sort of way from DDoS. Again thank you for starting this discussion, there is a lot to improve specially in the side of security.