Your company has the following setup in AWS.
a. A set of EC2 Instances hosting a web application
b.An application load balancer placed in front of the EC2 Instances
There seem to be some malicious requests coming from a set of IP addresses. Which of the following can be used to protect against these requests?

Answer options:

A.Use Security Groups to block the IP addresses.
B.Use VPC Flow Logs to block the IP addresses.
C.Use AWS Inspector to block the IP addresses.
D.Use Web ACLs to block the IP addresses.

Answer – D
According to the AWS Documentation,
A web access control list (web ACL) gives you fine-grained control over all of the HTTP(S) web requests that your protected resource responds to. You can protect Amazon CloudFront, Amazon API Gateway, Application Load Balancer, and AWS AppSync resources.
You can use criteria like the following to allow or block requests:
- IP address origin of the request
- Country of origin of the request
- String match or regular expression (regex) match in a part of the request
- Size of a particular part of the request
- Detection of malicious SQL code or scripting
Option A is incorrect because, by default, Security Groups have the Deny policy. It cannot block a specific set of IP addresses.
Options B and C are incorrect because these services cannot be used to block IP addresses.
For information on AWS WAF Web ACLs, please visit the below URL
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html
https://docs.aws.amazon.com/waf/latest/developerguide/how-aws-waf-works.html
https://aws.amazon.com/blogs/aws/aws-web-application-firewall-waf-for-application-load-balancers/
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html