Blocking IP Addresses in AWS Cloud | AWS Certified SysOps Administrator Exam SOA-C02

Block IP Addresses in AWS Cloud

Question

You have deployed a multi-tier Web Application in an AWS cloud.

Web servers, Application servers & Database servers are deployed in US East Region.

For high availability, Application Load Balancers are configured in the front end to balance traffic across multiple AZs in this region. For caching of data, you are using Amazon CloudFront at edge locations.

The security team has received a blacklist of IP addresses deemed to be spammers.

They want you to immediately block these IP addresses at the farthest point from the cloud infrastructure.

Which of the following is the correct option to block IP addresses?

Answers

Explanations


A. B. C. D.

Correct Answer: B.

AWS WAF web ACL rules can be used to detect and block requests based on the following:

IP addresses and ranges (held in IP sets, in CIDR notation).

Patterns in HTTP headers and body.

URL string patterns.

SQL injection.

Cross-site scripting (XSS).

Geographical locations (geo match).

A web ACL can be applied at the edge, to an Amazon CloudFront distribution (global CLOUDFRONT scope), or at the regional level, to an Application Load Balancer (REGIONAL scope, in the load balancer's region).

Since the web ACL must be applied at the farthest point from the web application, it needs to be applied at the edge, to the Amazon CloudFront distribution, using the global CLOUDFRONT scope. The web ACL is created once and AWS propagates it to every edge location; there is no per-edge-location configuration to manage.

Option A is incorrect. AWS WAF for a CloudFront distribution is a global resource, but all of the work must be done in the US East (N. Virginia) Region: the web ACL and the IP sets it references must be created with scope CLOUDFRONT in US East (N. Virginia) (region us-east-1 in the CLI and API), even though the distribution itself is global.

Option C is incorrect.

Since the requirement is to block the IP addresses at the farthest point from the cloud infrastructure, the web ACL must be applied to Amazon CloudFront, not to the Application Load Balancer.

Also, a web ACL for an Application Load Balancer is a regional resource, created in the load balancer's region with scope REGIONAL, not a global one.

Option D is incorrect.

A regional web ACL on the Application Load Balancer only sees requests that CloudFront has already accepted and forwarded to the origin, so it is not the farthest point from the cloud infrastructure; the block must be applied to Amazon CloudFront.

For more information on WAF, refer to the following URL-

https://docs.aws.amazon.com/waf/latest/developerguide/how-aws-waf-works.html
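The following Python script is an added example, not code from the original page or from AWS. It assumes the blocklist arrives as plain text with one IP address or CIDR per line (a constructed sample is embedded), and that the IP set name, web ACL name and CloudFront distribution ID are placeholders you replace. The helper functions build the wafv2 CreateIPSet and CreateWebACL request bodies with CLOUDFRONT scope and run offline; apply() is the only part that talks to AWS, and it uses boto3 calls that exist with these signatures.

```python
"""Block a list of IP addresses at the CloudFront edge with AWS WAF (wafv2).
Added example (not the page's or AWS's code); names and IDs are placeholders.
The wafv2 request bodies are built offline; apply() is the only AWS call."""
import ipaddress
import json

# Constructed sample blocklist: a duplicate, a bare IPv6 host, a range with
# host bits set, and one malformed entry that must not be silently dropped.
SAMPLE_BLOCKLIST = """\
203.0.113.7
203.0.113.7
198.51.100.77/24
2001:db8:abcd::1
2001:db8:ffff::/48
not-an-ip
"""

SCOPE = "CLOUDFRONT"     # CloudFront web ACLs: scope CLOUDFRONT, region us-east-1
REGION = "us-east-1"     # an ALB would instead use scope REGIONAL in its own region
IP_SET_NAME = "spammer-blocklist"    # placeholder name
WEB_ACL_NAME = "edge-ip-blocklist"   # placeholder name
MAX_ADDRESSES_PER_IP_SET = 10_000    # wafv2 quota for addresses in one IP set


def normalize_blocklist(text):
    """Turn the raw list into {'IPV4': [...], 'IPV6': [...]} of unique CIDRs.
    wafv2 IP sets require CIDR notation, so bare hosts become /32 or /128;
    entries that do not parse (or /0) are returned rather than dropped."""
    cidrs = {"IPV4": [], "IPV6": []}
    rejected, seen = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)
            continue
        if net.prefixlen == 0:          # /0 would block everyone; refuse it
            rejected.append(line)
            continue
        cidr = net.with_prefixlen
        if cidr not in seen:
            seen.add(cidr)
            cidrs["IPV4" if net.version == 4 else "IPV6"].append(cidr)
    return cidrs, rejected


def ip_set_requests(cidrs):
    """One CreateIPSet request per address family (an IP set holds a single
    IPAddressVersion), chunked so no set exceeds the per-set quota."""
    reqs = []
    for version, addrs in cidrs.items():
        for n, i in enumerate(range(0, len(addrs), MAX_ADDRESSES_PER_IP_SET)):
            reqs.append({
                "Name": f"{IP_SET_NAME}-{version.lower()}-{n}",
                "Scope": SCOPE,
                "IPAddressVersion": version,
                "Addresses": addrs[i:i + MAX_ADDRESSES_PER_IP_SET],
                "Description": "Spammer blocklist from the security team",
            })
    return reqs


def web_acl_request(ip_set_arns):
    """CreateWebACL request: default ALLOW plus one BLOCK rule per IP set."""
    rules = [{
        "Name": f"block-ipset-{prio}",
        "Priority": prio,                 # priorities must be unique
        "Statement": {"IPSetReferenceStatement": {"ARN": arn}},
        "Action": {"Block": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": f"BlockIpSet{prio}"},
    } for prio, arn in enumerate(ip_set_arns)]
    return {"Name": WEB_ACL_NAME, "Scope": SCOPE,
            "DefaultAction": {"Allow": {}}, "Rules": rules,
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": WEB_ACL_NAME}}


def apply(text, distribution_id):
    """Create the IP sets and web ACL in us-east-1, then attach the ACL to the
    distribution.  CloudFront-scope ACLs are attached via CloudFront's
    UpdateDistribution (WebACLId = ACL ARN); wafv2 AssociateWebACL is only for
    regional resources such as an ALB."""
    import boto3  # imported here so the offline helpers above need no SDK
    cidrs, rejected = normalize_blocklist(text)
    if rejected:
        raise ValueError(f"unparseable blocklist entries: {rejected}")
    wafv2 = boto3.client("wafv2", region_name=REGION)
    arns = [wafv2.create_ip_set(**req)["Summary"]["ARN"]
            for req in ip_set_requests(cidrs)]
    acl_arn = wafv2.create_web_acl(**web_acl_request(arns))["Summary"]["ARN"]
    cf = boto3.client("cloudfront")
    current = cf.get_distribution_config(Id=distribution_id)
    config = current["DistributionConfig"]
    config["WebACLId"] = acl_arn
    cf.update_distribution(Id=distribution_id, DistributionConfig=config,
                           IfMatch=current["ETag"])
    return acl_arn


if __name__ == "__main__":
    # Dry run: print the request bodies without touching AWS.
    sets, bad = normalize_blocklist(SAMPLE_BLOCKLIST)
    print(json.dumps(ip_set_requests(sets), indent=2))
    print(json.dumps(web_acl_request(["<ipset-arn-0>", "<ipset-arn-1>"]), indent=2))
    print("rejected entries:", bad)
```

Run it as-is for a dry run; call apply(blocklist_text, "EXXXXXXXXXXXXX") with real credentials to create the resources. The script refuses to proceed if any entry is malformed, because a silently dropped address is a spammer that stays unblocked.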

The correct option to block the blacklisted IP addresses is B: in US East (N. Virginia), create a web ACL with a rule that blocks the blacklisted IP addresses and apply it to the Amazon CloudFront distribution.

Explanation: In the given scenario, the requirement is to block the blacklisted IP addresses at the farthest point from the cloud infrastructure. That point is the edge of the network, where Amazon CloudFront serves the application. A web ACL for CloudFront is not created or managed per edge location: it is created once, in US East (N. Virginia) with CLOUDFRONT scope, associated with the distribution, and AWS propagates it to every edge location automatically. Requests from the blacklisted addresses are dropped at the edge, before they consume Application Load Balancer or origin capacity, and the blocked requests are visible in the web ACL's CloudWatch metrics and sampled requests.

Blocking at the Application Load Balancer (option D) is also a supported use of AWS WAF, but a regional web ACL only evaluates requests that CloudFront has already accepted and forwarded to the origin, so it is not the farthest point. A regional web ACL is created in the ALB's region with REGIONAL scope and can only be associated with regional resources in that region.

One caveat a practitioner should check: an edge-only block is bypassed if the Application Load Balancer is reachable directly from the internet. Restrict the ALB's security group to CloudFront's origin-facing managed prefix list (com.amazonaws.global.cloudfront.origin-facing), or have CloudFront add a secret custom origin header that a second, regional web ACL on the ALB requires, so that the spammers cannot skip CloudFront and hit the origin directly.

Therefore, option B is the correct option to block the blacklisted IP addresses at the farthest point from the cloud infrastructure.