A cloud engineer is configuring a web application on AWS and needs to ensure that only HTTP and HTTPS traffic from the internet is allowed to reach the EC2 instances. Which AWS service should be used to control inbound traffic at the instance level?
Trap 1: AWS Shield
AWS Shield is a DDoS protection service, not used for basic inbound traffic filtering.
Trap 2: AWS WAF
AWS WAF is a web application firewall that protects against web exploits; it is not a basic traffic control mechanism.
Trap 3: Network ACL
Network ACLs are stateless and operate at the subnet level, not at the instance level.
- A
Security Group
Security groups are stateful instance-level firewalls that can allow HTTP/HTTPS inbound traffic.
- B
AWS Shield
Why wrong: AWS Shield is a DDoS protection service, not used for basic inbound traffic filtering.
- C
AWS WAF
Why wrong: AWS WAF is a web application firewall that protects against web exploits; it is not a basic traffic control mechanism.
- D
Network ACL
Why wrong: Network ACLs are stateless and operate at the subnet level, not at the instance level.