Security Best Practices
These security best practices don't only apply to AME, but also to any other software application.
Create a new user specific to run the AME SERVER e.g. Give only the necessary privileges that is required. Or run AME inside a docker instance.
Setup the firewall so that only the database server can connect to the AME Server port OR use the IP whitelist feature of AME to only allow access from the IP of the database server
Configure HTTPS either using a reverse proxy or let AME run in HTTPS mode, see HTTPS Configuration section