Serverless Form Handling at Scale

Oct 6, 2025 · 3 min · snapitforms.com

Architecture

S3 Static Site → API Gateway → Lambda → DynamoDB
                                              ↓
                                     SES Email Notifications

SnapIt Forms processes form submissions without any backend coding from the user. Drop in an access key, point your form at our API, and submissions flow through Lambda into DynamoDB with email notifications via SES.

Dynamic CORS

Forms submit from any domain, so we needed dynamic CORS handling based on a whitelist rather than a blanket wildcard.

const headers = {
    'Access-Control-Allow-Origin': getAllowedOrigin(event.headers.origin),
    'Access-Control-Allow-Headers': 'Content-Type',
    'Access-Control-Allow-Methods': 'POST, OPTIONS'
};

Spam Prevention

DynamoDB TTL handles rate limiting elegantly - records auto-expire so there's no cleanup overhead.

// Rate limit record auto-expires after 1 hour
await dynamoDB.put({
    TableName: 'rate_limits',
    Item: {
        key: `${formKey}_${ip}`,
        count: 1,
        ttl: Math.floor(Date.now() / 1000) + 3600
    },
    ConditionExpression: 'attribute_not_exists(#key) OR #count < :limit'
}).promise();

Performance

Response time: 200ms average
Cost: ~$0.02 per 1,000 submissions
Uptime: 99.9% with dead letter queue handling
Auto-scaling: Lambda handles 0 to 1,000+ concurrent requests