Ultimate access to all questions.
A company's public API, which operates as tasks on Amazon Elastic Container Service (Amazon ECS) and runs on AWS Fargate behind an Application Load Balancer (ALB), has been functioning smoothly for several months with Service Auto Scaling based on CPU utilization. However, recent performance degradation has rendered the application non-functional due to a surge in SQL injection attacks, causing the API service to scale up to its maximum capacity. A solutions architect is tasked with devising a solution to shield the ECS API service from these attacks, ensuring that legitimate traffic is not obstructed and operational efficiency is maximized. What measures should the solutions architect take to achieve this?
A
Establish a new AWS WAF web ACL to oversee HTTP and HTTPS requests directed to the ALB in front of the ECS tasks.
B
Implement a new AWS WAF Bot Control setup. Incorporate a rule within the AWS WAF Bot Control managed rule group to scrutinize traffic, permitting only authentic traffic to pass through to the ALB in front of the ECS tasks.
C
Initiate a new AWS WAF web ACL. Integrate a rule that prohibits requests corresponding to the SQL database rule group. Configure the web ACL to permit all other traffic that does not align with these rules. Attach the web ACL to the ALB in front of the ECS tasks.
D
Forge a new AWS WAF web ACL. Generate a new empty IP set within AWS WAF. Append a rule to the web ACL to thwart requests originating from IP addresses listed in the new IP set. Develop an AWS Lambda function that analyzes the API logs for IP addresses involved in SQL injection attacks, and include those IP addresses in the IP set. Attach the web ACL to the ALB in front of the ECS tasks.