Explanation
AWS WAF (Web Application Firewall) is the correct answer because:
- SQL Injection Protection: AWS WAF provides specific rules and filters to detect and block SQL injection attacks, which are a common web application vulnerability
- Web Application Focus: WAF is specifically designed to protect web applications from common exploits like SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats
- Managed Rules: AWS WAF offers managed rule groups that include SQL injection protection rules
Why other options are incorrect:
- AWS Shield: Provides DDoS protection but does not specifically address SQL injection attacks
- Network ACLs: Operate at the subnet level and control traffic based on IP addresses and ports, not application-level content
- Security Groups: Act as virtual firewalls for EC2 instances at the instance level, controlling traffic based on protocols and ports, not application payload content
AWS WAF inspects HTTP/HTTPS requests and can block malicious SQL code before it reaches your web applications.
