You work in a financial company as an AWS architect. The security team has informed you that the company’s AWS web product has recently been attacked by SQL injection. Several attackers tried to insert certain malicious SQL code into web requests to extract data from the MySQL database. The database is deployed in several EC2 instances under an application load balancer. Although the attack was unsuccessful, you are expected to provide a better solution to protect the product. Which action should you perform?

Answer options:

A.Configure a rule in AWS Firewall Manager to block all malicious SQL injection requests for the EC2 instances.
B.Create a WAF Access Control List (ACL) with a rule to block the malicious SQL injection requests. Associate the application load balancer with this new ACL.
C.Use AWS Shield Advanced service to block the malicious SQL injection requests that go to the application load balancer.
D.Configure a WAF Access Control List (ACL) with a rule to allow all requests except the malicious SQL injection requests. Associate each EC2 instance with the new ACL.

Correct Answer – B
There are several firewall services that AWS has provided, including AWS WAF, AWS Shield, and AWS Firewall Manager. The differences among them can be found in https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html.
In this case, AWS WAF should be used as it can help to prevent SQL injection attacks.
Option A is incorrect: AWS Firewall Manager is a tool to simplify the AWS WAF and AWS Shield Advanced administration. However, an ACL is still needed in AWS WAF. Option B is more accurate.
Option B is CORRECT: Because AWS WAF can protect against SQL injection attacks for an application load balancer.
Option C is incorrect: Because AWS Shield Advanced provides expanded DDoS attack protection rather than SQL injection attack protection.
Option D is incorrect: Because after a WAF Access Control List (ACL) is created, the application load balancer should be associated instead of all EC2 instances.