How to secure an API hosted in a Docker container, served by an nginx proxy behind a load balancer in AWS EC2, from brute-force attacks
My micro frontend is hosted in Amplify. My API is hosted in a Docker container in EC2 behind a load balancer, and the API is served by an nginx reverse proxy. I had an incident where someone got my auth token and was sending automated requests to all my heavy API endpoints, causing my system to go slow.
I have implemented rate limiting and fail2ban in the nginx configuration, but I am still not sure if that is secure enough. My team is working on human verification for when someone sends requests to the API server on a continuous basis.
Can you please suggest what would be the best approach to prevent my API from getting brute-forced?
##note##
The API is built in Python Django. I know there are better ways to build APIs, but I was inducted in the middle of the project.
I want to know the best way to secure my API; please feel free to suggest what you think is the best approach. I will reconsider the approach if it's best and feasible.
Thank you.