Which solution will meet this requirement with the LEAST effort?
Set up AWS WAF in front of the ALB. Create a rule that blocks requests that exceed the limit of 3 requests in any 5-minute period for each IP address.
Create an AWS Lambda function based on an Amazon CloudWatch request. Configure the Lambda function to count the requests for each IP address in rolling 5-minute intervals and to provide notification if the count exceeds 3.
Modify the EC2 application to count the source IP address of requests and calculate a rolling 5-minute sum. Return an error message if the count sum is greater than 3.
Add source IP address and request time to the DynamoDB table. Add a 5-minute TTL setting based on request time. Change the read capacity of the DynamoDB table throughput to 3.
Explanations:
AWS WAF can be easily configured to limit the number of requests per IP address. By setting up a rate-based rule, it can block requests that exceed 3 requests in a 5-minute period, effectively mitigating the concern with minimal effort.
While a Lambda function could be set up to monitor and count requests, it would require more effort to implement and manage, especially considering the complexities of handling rolling 5-minute intervals and potentially notifying users. This does not directly block excessive requests.
Modifying the application on EC2 to track request counts introduces additional complexity and development effort. Implementing rate limiting at the application level can be less efficient and more error-prone compared to using AWS WAF. It also doesn’t address blocking requests but merely returns error messages.
Adding source IP and request time to DynamoDB and managing TTL settings is overly complex and inefficient for this requirement. It does not provide a direct way to limit requests; instead, it complicates the architecture and incurs additional costs and management overhead without achieving the goal effectively.