What should a solutions architect do to meet these requirements?

Explanations:

While AWS WAF can protect both APIs and Amazon GuardDuty can monitor for malicious attempts, Amazon Inspector is not applicable for analyzing the legacy API running on a standalone EC2 instance. Instead, it is primarily used for assessing vulnerabilities in Amazon EC2 instances and container images. Thus, this option does not fully meet the security needs for both APIs.

This option correctly uses AWS WAF for the API Gateway API and mentions Amazon Inspector for analyzing both APIs. However, it incorrectly states that GuardDuty can block malicious attempts. GuardDuty is a monitoring service and can provide alerts but does not have the capability to block access; that is the function of WAF.

This option appropriately applies AWS WAF to the API Gateway API for protection and configures Amazon Inspector to analyze the legacy API, ensuring that both APIs are considered. Additionally, GuardDuty is used to monitor for malicious attempts to access both APIs, fulfilling the security requirements comprehensively.

Similar to other options, while AWS WAF is correctly applied to the API Gateway API, Amazon Inspector’s role is misrepresented. Inspector is not designed to protect but to assess vulnerabilities. GuardDuty is also incorrectly mentioned as having blocking capabilities, which it does not possess. Thus, it fails to meet the security requirements accurately.