Hey Ali, a nice riddle you have there. Aside from bug (feature?) where public companies aren’t filtered by ID there’s a bunch of things that aren’t a security threat as such but can be exploited to stop app from operating. So here goes:
- Scan goes through the whole table every time and with 5 reads/s you will saturate that very quickly. The SDK however would attempt an exponential backoff with default timeout, so the function will start timing out
- API has default rate limits of 10k requests per second, so using that and 3s timeout one can consume all of your account lambda scalability (default 1000 concurrent executions)
A good way to solve it would be limiting rates of anonymous calls per client conservatively and/or adding some auth. Also I’d avoid Scan and indexed table in a way that Query would return the results desired. One other consideration is how long Dynamo call takes and if behavior of the SDK calling Dynamo needs changing.