Securing application server for a single user


I’m building some simple dashboard app for myself, but I want to have them on multiple devices – hence the server and front end. As I will be the only user who will access the application server, what security should I implement.

Stack: Postgres Ktor (Kotlin) server, HTTPS, only REST API Front end

I’ll run AWS Lightsail instance since I don’t need anything heavy. Postgres and application server will be there, with only ports 443 and 22 open. Front end will be on S3 with CloudFront.

I’m doing this because it’s easier for me to make a browser "app", than to make an Android app + something for desktop and keep them in sync.

I’ll be using the app from multiple networks. At home (where I don’t have a static IP, which would solve some of the problems), from mobile network, from work, when traveling to other countries, etc.

For background, I’ve been working on server for almost 3 years, Spring + Hibernate, Postgres. I have a fair knowledge of linux, hosting a server on it, some of AWS services and basic knowledge of database administration. I’ve done a bit of front end, but I’ll have to get back to that soon. I have almost no knowledge of security beyond basic JWT and SSH.