Which solution will meet these requirements with the LEAST amount of administrative effort?
Set up AWS WAF in both Regions, Associate Regional web ACLs with an API stage.
Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
Set up AWS Shield in both Regions. Associate Regional web ACLs with an API stage.
Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.
Explanations:
While setting up AWS WAF and associating Regional web ACLs with an API stage does provide protection against SQL injection and cross-site scripting attacks, it requires configuration in each region and does not offer centralized management across multiple accounts. This could lead to increased administrative effort.
AWS Firewall Manager allows for centralized configuration and management of AWS WAF rules across multiple accounts and regions. This solution minimizes administrative effort by enabling the application of consistent security rules without having to individually configure each API in each region.
AWS Shield primarily provides DDoS protection rather than specific protection against SQL injection or cross-site scripting. Associating Regional web ACLs with an API stage would still require configuration for AWS WAF separately, which increases administrative effort without specifically addressing the requirement for SQL injection and XSS protection.
Similar to option C, AWS Shield does not provide protection against SQL injection or cross-site scripting attacks. Associating Regional web ACLs with an API stage would require separate WAF setup, resulting in higher administrative effort and not fulfilling the specific security requirements.