AWS Certified Solutions Architect – Associate (SAA-C03) — Question 163

A company’s web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

Answer options

• A. Configure the security group for the EC2 instances.
• B. Configure the security group on the Application Load Balancer.
• C. Configure AWS WAF on the Application Load Balancer in a VPC.
• D. Configure the network ACL for the subnet that contains the EC2 instances.

Correct answer: C

Explanation

The correct answer is C because AWS WAF can be configured to restrict access based on geographic location, effectively enforcing the policy. Options A and B involve security groups, which manage access at the instance and load balancer levels but do not provide geo-restriction capabilities. Option D pertains to network ACLs, which also do not support country-based filtering.