A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address.
Which tool or service should a Solutions Architect recommend to block the IP address?
A. Security groups
B. Network ACL
C. AWS WAF
D. AWS Shield
Correct Answer: B
Most people will choose C here. Why is it not C? Because you use AWS WAF to control how API Gateway, Amazon CloudFront or an Application Load Balancer responds to web requests.
https://docs.aws.amazon.com/waf/latest/developerguide/how-aws-waf-works.html
At the EC2 level we cannot use WAF. Here is how we use a network ACL to block the IP.
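The following is an added example, not part of the original page: network ACL rules are evaluated in ascending rule-number order and the first match wins, so the deny entry for the offending address has to be numbered below the allow rule that currently admits it. The sketch plans that entry and passes it to boto3's `create_network_acl_entry`; the ACL ID `acl-EXAMPLE`, the address `203.0.113.7`, the sample entries and the function names are constructed for illustration.

```python
import ipaddress

DEFAULT_RULE = 32767  # the fixed catch-all "*" deny that ends every network ACL

# Constructed sample: inbound/outbound entries shaped like describe_network_acls output.
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "RuleAction": "allow", "Protocol": "-1", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "RuleAction": "deny", "Protocol": "-1", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "RuleAction": "allow", "Protocol": "-1", "Egress": True, "CidrBlock": "0.0.0.0/0"},
]

def plan_deny_entry(acl_id, offender, entries):
    """Return create_network_acl_entry kwargs that block offender inbound, or None if already blocked."""
    net = ipaddress.ip_network(offender, strict=False)  # bare address becomes /32 (or /128)
    inbound = sorted((e for e in entries if not e["Egress"]), key=lambda e: e["RuleNumber"])
    used = {e["RuleNumber"] for e in inbound}
    ceiling = None
    for e in inbound:  # same order the NACL evaluates: lowest rule number first
        other = ipaddress.ip_network(e.get("CidrBlock") or e["Ipv6CidrBlock"])
        if other.version != net.version or e["RuleNumber"] == DEFAULT_RULE:
            continue
        if e["RuleAction"] == "deny" and e["Protocol"] == "-1" and net.subnet_of(other):
            return None  # an earlier all-protocol deny already matches first
        if e["RuleAction"] == "allow" and net.overlaps(other):
            ceiling = e["RuleNumber"]  # the deny must be numbered below this rule
            break
    if ceiling is None:
        return None  # no allow rule admits it, so the default deny drops it
    number = next((n for n in range(ceiling - 1, 0, -1) if n not in used), None)
    if number is None:
        raise ValueError(f"no free rule number below {ceiling}")
    cidr_key = "CidrBlock" if net.version == 4 else "Ipv6CidrBlock"
    return {"NetworkAclId": acl_id, "RuleNumber": number, "Protocol": "-1",
            "RuleAction": "deny", "Egress": False, cidr_key: str(net)}

def block_ip(acl_id, offender):
    """Apply the plan to a real NACL (needs boto3 and AWS credentials)."""
    import boto3
    ec2 = boto3.client("ec2")
    acl = ec2.describe_network_acls(NetworkAclIds=[acl_id])["NetworkAcls"][0]
    plan = plan_deny_entry(acl_id, offender, acl["Entries"])
    if plan:
        ec2.create_network_acl_entry(**plan)
    return plan

if __name__ == "__main__":
    # "acl-EXAMPLE" is a placeholder ID; 203.0.113.7 is a documentation address.
    print(plan_deny_entry("acl-EXAMPLE", "203.0.113.7", SAMPLE_ENTRIES))
```

`plan_deny_entry` runs offline against the sample entries; `block_ip` is the only part that calls AWS.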