Globex Corp's security team requires a method to restrict access to their new web application, running on EC2 instances behind an ALB, to users from only one specific country and needs to log blocked access attempts with minimal maintenance overhead. Which solution meets these requirements?