Which solution meets these requirements?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company’s public API runs as tasks on Amazon Elastic Container Service (Amazon ECS).The tasks run on AWS Fargate behind an Application Load Balancer (ALB) and are configured with Service Auto Scaling for the tasks based on CPU utilization.This service has been running well for several months.Recently, API performance slowed down and made the application unusable.The company discovered that a significant number of SQL injection attacks had occurred against the API and that the API service had scaled to its maximum amount.A solutions architect needs to implement a solution that prevents SQL injection attacks from reaching the ECS API service.The solution must allow legitimate traffic through and must maximize operational efficiency.

Which solution meets these requirements?

Create a new AWS WAF web ACL to monitor the HTTP requests and HTTPS requests that are forwarded to the ALB in front of the ECS tasks.

Create a new AWS WAF Bot Control implementation. Add a rule in the AWS WAF Bot Control managed rule group to monitor traffic and allow only legitimate traffic to the ALB in front of the ECS tasks.

Create a new AWS WAF web ACL. Add a new rule that blocks requests that match the SQL database rule group. Set the web ACL to allow all other traffic that does not match those rules. Attach the web ACL to the ALB in front of the ECS tasks.

Create a new AWS WAF web ACL. Create a new empty IP set in AWS WAF. Add a new rule to the web ACL to block requests that originate from IP addresses in the new IP set. Create an AWS Lambda function that scrapes the API logs for IP addresses that send SQL injection attacks, and add those IP addresses to the IP set. Attach the web ACL to the ALB in front of the ECS tasks.

Explanations:

AWS WAF can monitor requests, but simply monitoring HTTP/HTTPS traffic does not provide active mitigation for SQL injection attacks. The solution needs to block malicious traffic, not just observe it.

AWS WAF Bot Control is designed for mitigating bot traffic, not specifically for SQL injection attacks. Although it can block some malicious traffic, it is not tailored to protect against SQL injection.

AWS WAF with a SQL injection rule group is designed specifically to block SQL injection attempts. By attaching the web ACL to the ALB, it will inspect incoming requests and block those matching SQL injection patterns, allowing legitimate traffic through.

While blocking specific IP addresses might help, this solution is reactive (relying on scraping logs and identifying bad IPs), which is less efficient and timely compared to proactive SQL injection protection provided by the SQL rule group in AWS WAF.

2025-10-20

1 Comment

  1. Dorothy
    Author

    I appraise that the answer is:
    Create a new AWS WAF web ACL. Add a new rule that blocks requests that match the SQL database rule group. Set the web ACL to allow all other traffic that does not match those rules. Attach the web ACL to the ALB in front of the ECS tasks.

Leave a Reply

Your email address will not be published. Required fields are marked *

five − four =