
You are running a website on EC2 instances behind an Application Load Balancer. You would like to block any request that comes from the following IP address range, 86.130.105.0/24, which you have identified as malicious. Which of the following approaches could you use to block requests from this IP range? (Choose 2)
1. Use an AWS WAF Web ACL to block all requests coming from the IP address range
2. Use an S3 bucket policy to block requests coming from the IP address range
3. Use a Network ACL to block all requests coming from the IP address range
4. Use a Security Group to block all requests coming from the IP address range
I selected options 1 and 4 but was marked incorrect; the question said I should have chosen 1 and 3.
Based partially on the below, I would think the correct answer would be 1, 3, and 4
1 Answer

Security Groups can't block requests; they can only allow them through.
SGs work on an implicit deny. You enter the values to allow; everything else is denied. Think of when you create an SG rule: you just give a port and an IP; there's no option to select allow or deny.
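For concreteness, here is what the two working answers (1 and 3) look like as configuration. This is an added Terraform example, not code from the question or the answer above; the resource names (`aws_vpc.main`, `aws_subnet.public`, `aws_lb.web`) and the rule numbers are assumptions. It also goes slightly beyond the question by including the egress rule a stateless NACL needs for return traffic, which is the step people forget when they add a deny rule.

```hcl
# Option 3: a Network ACL entry with an explicit DENY action.
# NACL rules are evaluated in ascending rule-number order and the first
# match wins, so the deny must have a LOWER number than the broad allow.
# The NACL must be attached to the subnets the ALB lives in (assumed here
# to be aws_subnet.public): the client's real source IP is only visible
# there, because the ALB terminates the connection and the EC2 targets
# see the ALB's private IP as the source.
resource "aws_network_acl" "alb_subnets" {
  vpc_id     = aws_vpc.main.id            # assumed VPC
  subnet_ids = [aws_subnet.public.id]     # assumed ALB subnet
}

resource "aws_network_acl_rule" "deny_malicious_range" {
  network_acl_id = aws_network_acl.alb_subnets.id
  rule_number    = 90                     # evaluated before rule 100 below
  egress         = false
  protocol       = "-1"                   # all protocols
  rule_action    = "deny"
  cidr_block     = "86.130.105.0/24"
}

resource "aws_network_acl_rule" "allow_https_ingress" {
  network_acl_id = aws_network_acl.alb_subnets.id
  rule_number    = 100
  egress         = false
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 443
  to_port        = 443
}

# NACLs are stateless: the ALB's replies to the client's ephemeral port
# need their own egress allow, otherwise legitimate traffic breaks too.
resource "aws_network_acl_rule" "allow_ephemeral_egress" {
  network_acl_id = aws_network_acl.alb_subnets.id
  rule_number    = 100
  egress         = true
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 1024
  to_port        = 65535
}

# Option 1: an AWS WAF (wafv2) IP set referenced by a BLOCK rule in a
# regional Web ACL that is associated with the ALB.
resource "aws_wafv2_ip_set" "malicious" {
  name               = "malicious-source-ranges"
  scope              = "REGIONAL"         # REGIONAL for ALB, CLOUDFRONT for CDN
  ip_address_version = "IPV4"
  addresses          = ["86.130.105.0/24"]
}

resource "aws_wafv2_web_acl" "alb" {
  name  = "alb-web-acl"
  scope = "REGIONAL"

  default_action {
    allow {}                              # everything not matched is allowed
  }

  rule {
    name     = "block-malicious-source-ranges"
    priority = 1

    action {
      block {}
    }

    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.malicious.arn
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-malicious-source-ranges"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "alb-web-acl"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = aws_lb.web.arn           # assumed ALB
  web_acl_arn  = aws_wafv2_web_acl.alb.arn
}
```

Note what has no equivalent here: an `aws_security_group_rule` resource has a `type` of `ingress` or `egress` and no action field at all, so there is no way to express "deny 86.130.105.0/24" in a security group, which is exactly why option 4 is wrong. Of the two working options, the WAF rule is the one that sees the real client address on an ALB, while the NACL only works if it is placed on the ALB's own subnets.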