posted 5 years ago
Hey, sorry for the late reply.
As you said, AWS Lambda and other AWS services used for a common serverless app (i.e., Amazon API Gateway) are PCI compliant. When you are using Express.js with AWS Lambda, your Express.js app (which is actually a Node.js app) is running inside your Lambda function, without any connection to the outside world, so it's definitely still PCI compliant. As shown in the attached image (from chapter 13 of our book), your app receives an HTTP request through Amazon API Gateway (PCI compliant). API Gateway then triggers the Lambda function, which is also PCI compliant, and your Express app runs inside AWS Lambda.
We cover some of these questions in chapters 12 (payment via Stripe) and 13 (Express.js app) of our book.
Cheers,
Slobodan
1-mzrdIp1z6-WKwDZR3zSyQQ.png