A company recently deployed an Amazon RDS instance in its VPC.The company needs to implement a stateful firewall to limit traffic to the private corporate network.
Which AWS service or feature should the company use to limit network traffic directly to its RDS instance?
Network ACLs
Security groups
AWS WAF
Amazon GuardDuty
Explanations:
Network ACLs operate at the subnet level and provide stateless filtering, which is not suitable for stateful control.
Security groups are stateful firewalls that control inbound and outbound traffic to AWS resources, including RDS instances.
AWS WAF is a web application firewall designed to protect web applications from common threats, not for controlling traffic to RDS.
Amazon GuardDuty is a threat detection service that monitors for malicious activity but does not control traffic to RDS instances.