I need a lean, cost-aware security stack on AWS that inspects and filters every call hitting my EC2-hosted APIs. The foundation should be the native controls—AWS WAF, AWS Shield and AWS Network Firewall—while a lightweight machine-learning layer spots traffic anomalies for early warning. Scope • Position AWS WAF, Shield and Network Firewall in front of my EC2 fleet so I can block, rate-limit and log API requests. • Produce a basic ML prototype (SageMaker or a small Python service is fine) that ingests the log stream and flags unusual request patterns or IP spikes. • Keep the build simple and inexpensive; use free-tier resources where possible. Deliverables 1. Architecture diagram illustrating EC2, security services and the ML component. 2. Infrastructure-as-Code (CloudFormation or Terraform) that spins up a working proof-of-concept in my account. 3. Sample ML training script and inference endpoint (or Lambda) with clear retraining steps. 4. Deployment and test guide showing how to generate sample traffic and review logs or alerts. If pulling in S3, Lambda or another AWS tool will simplify the design, I’m open to it—just explain the trade-offs. Experience writing custom WAF rules, configuring Shield Advanced, or building anomaly detection on AWS is a strong plus. Timeline: one week from award. I respond quickly to clarify anything you need.