What should a solutions architect recommend to meet these requirements?
Configure AWS WAF rules and associate them with the ALB.
Deploy the application using Amazon S3 with public hosting enabled.
Deploy AWS Shield Advanced and add the ALB as a protected resource.
Create a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB.
Explanations:
AWS WAF (Web Application Firewall) provides traffic filtering specifically for application-level attacks like SQL injection and cross-site scripting. By configuring WAF rules and associating them with the ALB, the company can effectively protect their application while minimizing the management burden.
Hosting the application on Amazon S3 with public hosting enabled is not suitable for dynamic web applications that require backend processing and does not provide any built-in protection against application-level attacks.
AWS Shield Advanced provides DDoS protection, but it does not specifically address application-layer attacks such as SQL injection or cross-site scripting. It also does not reduce operational responsibilities regarding traffic filtering.
Creating a new ALB to direct traffic to an EC2 instance with a third-party firewall adds complexity and does not align with the requirement to minimize operational responsibilities. It could also introduce more management overhead without effectively addressing the specific applica
It seems to me that the answer is:
Configure AWS WAF rules and associate them with the ALB.