Which action should be taken to block this traffic?
Use Amazon CloudFront to cache the traffic and block access to the web servers
Use Amazon GuardDuty to protect the web servers from bots and scrapers
Use AWS Lambda to analyze the web server logs, detect bot traffic, and block the IP address in the security groups
Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold
Explanations:
Amazon CloudFront is used for content delivery and caching, not for blocking malicious traffic. It cannot directly block specific IPs based on request patterns or rate limits.
Amazon GuardDuty is a threat detection service that identifies potential security issues but does not directly block malicious traffic or manage access control.
AWS Lambda can analyze logs and detect malicious activity, but it does not provide real-time blocking of IP addresses in security groups. It would require additional logic and integration.
AWS WAF provides rate-based blacklisting, which can automatically block IPs that exceed a defined threshold of requests, effectively mitigating traffic from rogue sources.
As I understand it, the answer is:
Use AWS WAF rate-based blacklisting to block this traffic when it exceeds a defined threshold