AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
A company's public API, which operates as tasks on Amazon Elastic Container Service (Amazon ECS) and runs on AWS Fargate behind an Application Load Balancer (ALB), has been functioning smoothly for several months with Service Auto Scaling based on CPU utilization. However, recent performance degradation has rendered the application non-functional due to a surge in SQL injection attacks, causing the API service to scale up to its maximum capacity. A solutions architect is tasked with devising a solution to shield the ECS API service from these attacks, ensuring that legitimate traffic is not obstructed and operational efficiency is maximized. What measures should the solutions architect take to achieve this?
A company's public API, which operates as tasks on Amazon Elastic Container Service (Amazon ECS) and runs on AWS Fargate behind an Application Load Balancer (ALB), has been functioning smoothly for several months with Service Auto Scaling based on CPU utilization. However, recent performance degradation has rendered the application non-functional due to a surge in SQL injection attacks, causing the API service to scale up to its maximum capacity. A solutions architect is tasked with devising a solution to shield the ECS API service from these attacks, ensuring that legitimate traffic is not obstructed and operational efficiency is maximized. What measures should the solutions architect take to achieve this?
Explanation:
The correct answer is C. This option suggests creating a new AWS WAF web ACL and adding a rule specifically to block SQL injection attack patterns using the SQL database rule group. This is the most appropriate solution because it directly addresses the issue of SQL injection attacks by preventing such requests from reaching the ECS API service. It also ensures that legitimate traffic is allowed through, thereby maintaining operational efficiency. Options A, B, and D either do not specifically target SQL injection attacks or involve more complex, less efficient solutions.