Which solution will meet this requirement?
Create a security group rule to deny all inbound traffic from the suspicious IP address. Associate the security group with the ALB.
Implement Amazon Detective to monitor traffic and to block malicious activity from the internet. Configure Detective to integrate with the ALB.
Implement AWS Resource Access Manager (AWS RAM) to manage traffic rules and to block malicious activity from the internet. Associate AWS RAM with the ALB.
Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.
Explanations:
Security groups cannot deny inbound traffic; they only allow traffic based on rules. A security group can only allow specific inbound traffic, not deny it.
Amazon Detective is a security investigation service, not a traffic blocking service. It helps in analyzing suspicious activity but does not block traffic.
AWS Resource Access Manager (AWS RAM) is used to share resources across accounts, not for managing traffic rules or blocking malicious traffic.
AWS WAF allows you to create IP-based rules, such as blocking traffic from a specific IP address. Associating a WAF web ACL with the ALB will block the malicious traffic.
Based on what I know, the answer is:
Add the malicious IP address to an IP set in AWS WAF. Create a web ACL. Include an IP set rule with the action set to BLOCK. Associate the web ACL with the ALB.