Clarification on Cyber Security Approach in Shopify EventBridge Integration

We’ve integrated Shopify store with our backend using eventbridge partner event source. Since this is a third party integration, we have to get approval from architect and cyber board.

Therefore, can you please let me know the underneath security posture in Shopify store ?

Due to the eventbridge integration, I know that the entire connection between Shopify and our AWS account happens through AWS private network. But please clarify if there’s anything I’m missing here.

Additionally, is there a Shield for DDoS protection in Shopify and WAF for request filtering when user interactions (user creation and update, order creation and cancellation) before sending the event data to our AWS account via eventbridge integration ?

In case of a flood of requests through EventBridge, does Shopify takes the responsibility to mitigate the situation ? Can you please elaborate on how this is handled ?

Finally, could you explain how reliable and scalable this EventBridge integration process is ?

When you’re working with Shopify EventBridge integration, cybersecurity is really important to keep everything safe and running smoothly. A good approach is to focus on access control, data encryption, and monitoring for any unusual activity. Make sure you’re using Shopify’s built-in security features and regularly updating your API keys and permissions. It’s also a good idea to run an ip stress test to see how your system handles traffic and potential threats. This way, you can spot any weak areas before they become an issue.