Which solution meets these requirements?
Create a new AWS WAF web ACL to monitor the HTTP requests and HTTPS requests that are forwarded to the ALB in front of the ECS tasks.
Create a new AWS WAF Bot Control implementation. Add a rule in the AWS WAF Bot Control managed rule group to monitor traffic and allow only legitimate traffic to the ALB in front of the ECS tasks.
Create a new AWS WAF web ACL. Add a new rule that blocks requests that match the SQL database rule group. Set the web ACL to allow all other traffic that does not match those rules. Attach the web ACL to the ALB in front of the ECS tasks.
Create a new AWS WAF web ACL. Create a new empty IP set in AWS WAF. Add a new rule to the web ACL to block requests that originate from IP addresses in the new IP set. Create an AWS Lambda function that scrapes the API logs for IP addresses that send SQL injection attacks, and add those IP addresses to the IP set. Attach the web ACL to the ALB in front of the ECS tasks.
Explanations:
AWS WAF can monitor requests, but simply monitoring HTTP/HTTPS traffic does not provide active mitigation for SQL injection attacks. The solution needs to block malicious traffic, not just observe it.
AWS WAF Bot Control is designed for mitigating bot traffic, not specifically for SQL injection attacks. Although it can block some malicious traffic, it is not tailored to protect against SQL injection.
AWS WAF with a SQL injection rule group is designed specifically to block SQL injection attempts. Once the web ACL is attached to the ALB, it inspects incoming requests and blocks those matching SQL injection patterns while allowing legitimate traffic through.
While blocking specific IP addresses might help, this solution is reactive (it relies on scraping logs and identifying bad IPs), which is less efficient and less timely than the proactive SQL injection protection provided by the SQL rule group in AWS WAF.
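
The web ACL with the SQL database rule group, as described in the third option and its explanation, sketched as a CloudFormation template. This is an added example, not part of the original question; the resource names, metric names and the `AlbArn` parameter are assumptions, and `AWSManagedRulesSQLiRuleSet` is the AWS managed rule group for SQL database protection. The commented-out `Count` override shows the monitor-only behaviour that the first explanation rules out.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - WAF web ACL with the SQL database rule group on an ALB
Parameters:
  AlbArn:
    Type: String
    Description: ARN of the existing ALB in front of the ECS tasks (assumed input)
Resources:
  ApiWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: api-sqli-protection          # hypothetical name
      Scope: REGIONAL                     # ALB associations need REGIONAL scope
      DefaultAction:
        Allow: {}                         # allow traffic that matches no rule
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ApiWebAcl             # hypothetical metric name
      Rules:
        - Name: sql-database-rule-group
          Priority: 0
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesSQLiRuleSet
          OverrideAction:
            None: {}       # keep the rule group's own Block actions
            # Count: {}    # monitor-only: matches are counted, not blocked
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: SqlDatabaseRuleGroup   # hypothetical metric name
  ApiWebAclAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn            # attaches the web ACL to the ALB
      WebACLArn: !GetAtt ApiWebAcl.Arn
```

Without the `WebACLAssociation` resource the web ACL exists but inspects nothing, so the association is the part to verify after deployment.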