How can the security engineer limit the number of requests from a specific IP address without blocking the IP address?
Add a rule to the Application Load Balancer to route the traffic originating from the IP address in question and show a static webpage.
Implement a rate-based rule with AWS WAF.
Use AWS Shield to limit the originating traffic hit rate.
Implement the GeoLocation feature in Amazon Route 53.
Explanations:
Routing traffic from the specific IP address to a static webpage does not limit the number of requests and can still overload the server if the traffic is high. This approach simply redirects traffic without controlling the rate of requests.
Implementing a rate-based rule with AWS WAF allows the security engineer to set a limit on the number of requests from a specific IP address. This can effectively throttle requests and prevent a single IP from overwhelming the application without blocking it entirely.
AWS Shield is primarily a DDoS protection service and does not provide specific functionality to limit traffic from a single IP address. It focuses on protecting against large-scale attacks rather than rate limiting individual users.
The GeoLocation feature in Amazon Route 53 is used to route traffic based on geographical location and does not address the issue of limiting request rates from a specific IP address. It is not relevant for controlling request frequency.
As I recall, the answer is:
Implement a rate-based rule with AWS WAF.