A financial company hosts a web application that uses an Amazon API Gateway Regional API endpoint to provide current stock prices. The security team has noticed an increase in API requests and is concerned about HTTP flood attacks taking the application offline. A solutions architect must design a protection with the LEAST operational overhead. Which solution meets this requirement?
Choose an answer
Tap an option to check your answer.
Correct answer: Create a Regional AWS WAF web ACL with a rate-based rule. Associate the web ACL with the API Gateway stage..
Why this is the answer
The correct solution is to create a Regional AWS WAF web ACL with a rate-based rule and associate it with the API Gateway stage. AWS WAF is a managed service designed to protect web applications from common web exploits. A rate-based rule automatically blocks or throttles requests from IP addresses that exceed a specified threshold within a five-minute period, directly addressing HTTP flood attacks with minimal operational overhead. Creating an Amazon CloudFront distribution with a maximum TTL of 24 hours would cache responses, but it wouldn't actively mitigate a flood of unique requests or attacks targeting the API directly. Using Amazon CloudWatch metrics to monitor and alert is reactive; it doesn't prevent the attack. Creating a CloudFront distribution with Lambda@Edge to block requests is a custom solution with higher operational overhead than a managed WAF rule.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed