A company is running a publicly accessible serverless application that uses Amazon API Gateway and AWS Lambda. The application’s traffic recently spiked due to fraudulent requests from botnets. Which steps should a solutions architect take to block requests from unauthorized users? (Choose two.)
ACreate a usage plan with an API key that is shared with genuine users only.
BIntegrate logic within the Lambda function to ignore the requests from fraudulent IP addresses.
CImplement an AWS WAF rule to target malicious requests and trigger actions to filter them out.
DConvert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint.
ECreate an IAM role for each user attempting to access the API. A user will assume the role when making the API call.