5 votes
A website runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB) which serves as an origin for an Amazon CloudFront distribution. An AWS WAF is being used to protect against SQL injection attacks. A review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.

What should a solutions architect do to protect the application?

by User Voxter (6.8k points)

1 Answer

2 votes

Final answer:

A solutions architect should update the AWS WAF rules to block the malicious IP by adding a new rule in the Web ACL associated with the CloudFront distribution, ensuring that traffic from that IP is blocked before reaching the EC2 instances.

Step-by-step explanation:

To protect the application from the external malicious IP that has been identified, a solutions architect should update the AWS WAF rules to block the specific IP address. To do this, they should follow these steps:

1. Go to the AWS WAF console.
2. Select the appropriate web access control list (ACL) associated with the CloudFront distribution.
3. Edit the rules to include a new condition that blacklists or blocks the specified IP address.
4. Ensure the new rule has a higher priority than other rules so it is enforced first.
5. Save the new rule and deploy it to the Web ACL.

By performing these actions, any future traffic from the malicious IP will be blocked by AWS WAF before reaching the Amazon EC2 instances, providing enhanced security against potential threats.

by User Cinek (8.3k points)
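
The console steps in the answer above can also be done through the WAFv2 API; the following is an added example, not part of the original answer. The function names, the rule name and the sample values are assumptions, and `apply` assumes an IP set holding the CIDR from `to_cidr` already exists and that boto3 and AWS credentials are available.

```python
import ipaddress

def to_cidr(addr):
    """WAF IP sets take CIDR notation: a single host becomes /32 (IPv4) or /128 (IPv6)."""
    net = ipaddress.ip_network(addr, strict=False)
    return str(net), f"IPV{net.version}"

def block_rule(ip_set_arn, name="BlockMaliciousIP"):  # rule name is an assumption
    """Rule that blocks any request whose source IP is in the referenced IP set."""
    return {
        "Name": name,
        "Priority": 0,  # WAF evaluates rules from the lowest number upward
        "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
        "Action": {"Block": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }

def prepend_rule(existing, new_rule):
    """Put new_rule first; renumber the others, keeping their order and unique priorities."""
    kept = sorted((r for r in existing if r["Name"] != new_rule["Name"]),
                  key=lambda r: r["Priority"])
    return [dict(new_rule, Priority=0)] + [dict(r, Priority=i) for i, r in enumerate(kept, 1)]

def apply(acl_name, acl_id, ip_set_arn):
    """Read-modify-write the web ACL attached to the CloudFront distribution."""
    import boto3  # imported here so the helpers above run without AWS access
    # Web ACLs for CloudFront use Scope=CLOUDFRONT and are managed in us-east-1.
    waf = boto3.client("wafv2", region_name="us-east-1")
    cur = waf.get_web_acl(Name=acl_name, Scope="CLOUDFRONT", Id=acl_id)
    acl = cur["WebACL"]
    # update_web_acl replaces the whole ACL definition: pass any optional settings
    # the ACL uses (Description, CustomResponseBodies, ...) as well.
    waf.update_web_acl(
        Name=acl_name, Scope="CLOUDFRONT", Id=acl_id,
        DefaultAction=acl["DefaultAction"],
        Rules=prepend_rule(acl["Rules"], block_rule(ip_set_arn)),
        VisibilityConfig=acl["VisibilityConfig"],
        LockToken=cur["LockToken"],  # optimistic lock; a stale token makes the call fail
    )

# Constructed sample: an existing SQL injection rule and a placeholder IP set ARN.
SAMPLE_RULES = [{"Name": "SQLiRule", "Priority": 0}]
SAMPLE_ARN = "arn:aws:wafv2:us-east-1:111122223333:global/ipset/EXAMPLE/PLACEHOLDER-ID"
```

In WAFv2 the "higher priority" of step 4 means a lower `Priority` number, which is why the block rule takes 0 and the existing rules are shifted down.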