Which configuration will meet this requirement?
Configure the security group for the EC2 instances.
Configure the security group on the Application Load Balancer.
Configure AWS WAF on the Application Load Balancer in a VPC.
Configure the network ACL for the subnet that contains the EC2 instances.
Explanations:
Configuring the security group for the EC2 instances would only control inbound and outbound traffic based on IP addresses and ports. It does not provide the capability to filter requests based on geographic location.
Similar to option A, configuring the security group on the Application Load Balancer does not allow for country-based filtering. Security groups are based on IP addresses and not on geographic locations.
Configuring AWS WAF (Web Application Firewall) on the Application Load Balancer allows for the creation of rules that can block or allow traffic based on geographic location, fulfilling the requirement to restrict access to the application from one specific country.
Network ACLs are stateless and also based on IP addresses and ports. While they can control traffic flow, they do not provide functionality to filter traffic by geographic location.