Implemented portfolio feature

Lambda Contact Form

A serverless contact form lets reviewers send a private message without exposing a scrapeable email address in the page source.

Status: Implemented site feature
AWS focus: API Gateway, Lambda, SES, DynamoDB, SSM

Architecture diagram: Contact form (client), CloudFront static site, API Gateway, Lambda validation + rate limit, DynamoDB TTL counter, SES private delivery.

Problem

A mailto link exposes an address to crawlers. A controlled form can protect the address, validate submissions, and add rate limits before a notification is sent.

Design

  • The frontend posts JSON to API Gateway.
  • Lambda validates fields, checks a honeypot field, and rejects malformed submissions.
  • DynamoDB stores a salted daily rate-limit counter with TTL.
  • SSM Parameter Store keeps sender and recipient email values out of the static site and stack parameters.
  • SES delivers the message to a private inbox with the visitor's email set as Reply-To.

Cost and abuse controls

The backend uses the existing low-traffic API Gateway and 128 MB Lambda pattern, the existing provisioned DynamoDB table, short log retention, no attachment handling, a 2,000-character message cap, and a small per-client daily submission limit.
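The validation and rate-limit steps from the Design list, together with the caps described above, can be sketched as follows; this is an added example, not the site's own Lambda code. The field names (email, message, website), the limit of 3, the use of the client IP with HMAC-SHA-256 as the "salted" key, the status codes, and the dict standing in for the DynamoDB table are all assumptions.

```python
import hashlib
import hmac
import re
import time

MAX_MESSAGE_CHARS = 2000   # cap stated on the page
DAILY_LIMIT = 3            # assumed; the page only says "small"
EMAIL_RE = re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}")

def validate(form):
    """Return "ok", "drop" (honeypot hit) or "reject". Field names are assumptions."""
    if not isinstance(form, dict):
        return "reject"
    if form.get("website"):  # honeypot: hidden from people, filled in by bots
        return "drop"
    email, message = form.get("email"), form.get("message")
    if not isinstance(email, str) or not isinstance(message, str):
        return "reject"
    # fullmatch plus the \s exclusion keeps CR/LF out of the Reply-To header
    if not EMAIL_RE.fullmatch(email):
        return "reject"
    if not message.strip() or len(message) > MAX_MESSAGE_CHARS:
        return "reject"
    return "ok"

def rate_key(client_ip, salt, now):
    """Salted per-day key: no raw IP is stored and keys change each UTC day."""
    day = time.strftime("%Y-%m-%d", time.gmtime(now))
    return hmac.new(salt, f"{day}|{client_ip}".encode(), hashlib.sha256).hexdigest()

def allow(table, client_ip, salt, now):
    """Count the submission; `table` is a dict standing in for DynamoDB, where
    this would be one atomic UpdateItem (ADD) that also writes the TTL."""
    item = table.setdefault(rate_key(client_ip, salt, now), {"count": 0})
    item["count"] += 1
    item["ttl"] = (int(now) // 86400 + 2) * 86400  # epoch seconds, a day past today's end (UTC)
    return item["count"] <= DAILY_LIMIT

def handle(form, client_ip, table, salt, now):
    """Return the HTTP status the function would answer with."""
    verdict = validate(form)
    if verdict == "drop":
        return 200  # assumed choice: look accepted to bots, send nothing
    if verdict == "reject":
        return 400
    if not allow(table, client_ip, salt, now):
        return 429
    return 202  # the SES send with Reply-To set to form["email"] goes here
```

Because the key is derived from the UTC date, a client's counter resets at midnight UTC without any cleanup job, and the TTL attribute only has to remove rows that are already unreachable.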

Privacy controls

The public HTML does not contain my email address. The Lambda sends only the submitted message and reply address to my inbox, and CloudWatch logs are not used to store message bodies.