The idea of creating a static HTML version of a website for production use is gaining significant traction in the industry. Doing this removes the joint attack vectors of PHP and MySQL on the site, and means there is no requirement to slavishly keep up to date with Drupal security patches. Content can still be created using Drupal in a secure non-public facing environment such as a VPC or a sandbox, then the static pages can be deployed to the production server.
Similarly, without a Drupal backend, a Contact form requires a different approach. Nigel shows how AWS serverless products such as Lambda, Gateway API and SES can be used as a replacement for a 'Contact Me' form.
Note: This is effectively a presentation on a sequence of blogs I am writing entitled Drupal 8 as a Static Site. It is still work in progress but will be completed over the Xmas break.