AWS Certified Cloud Practitioner

Explanation

AWS WAF (Web Application Firewall) is the correct answer because:

• AWS WAF is specifically designed to protect web applications from common web exploits like SQL injection attacks
• It allows you to create custom rules to block specific attack patterns
• It integrates seamlessly with Application Load Balancers (ALB) to inspect HTTP/HTTPS traffic
• You can define rules that filter out SQL injection patterns in request parameters, headers, and body

Why other options are incorrect:

• Security groups: These are stateful firewalls that control traffic at the instance level (EC2 level), but they don't inspect application-layer content for SQL injection patterns
• Network ACLs: These are stateless firewalls that control traffic at the subnet level, operating at the network layer (Layer 3/4), not the application layer
• AWS Shield: This is a DDoS protection service that protects against distributed denial-of-service attacks, not specifically SQL injection attacks

AWS WAF provides granular control over web traffic and can be configured with managed rule sets from AWS Marketplace or custom rules to specifically target SQL injection vulnerabilities.