A SaaS company offers several services via APIs. They use Amazon Web Services API Gateway for the management and integration of their services. They would like to start tracking the IP addresses of clients accessing the APIs to set up IP based security alerts. What solution would meet these requirements (SELECT TWO)?

Answer options:

A.Enable API Gateway Execution Logs.
B.Enable API Gateway Access Logs.
C.Enable GuardDuty.
D.Configure SNS notifications for CloudTrail.
E.Configure CloudWatch Alarm.

Answer: B and E
Option A is incorrect because API Gateway Execution logs contain details about latency, execution errors, and cache hits/misses. It would not provide information about IP based access.
Option B is CORRECT because API Gateway Access logs contain details about the user and IPs accessing the APIs exposed via API Gateway.
Option C is incorrect because Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3 and would not provide information on API Gateway access.
Option D is incorrect because CloudTrail collects information about AWS API access requests. It would not provide alerts, detection methods for specific IPs or tracking mechanisms.
Option E is CORRECT because when logging is enabled on API Gateway, logs are sent to CloudWatch Logs. CloudWatch Metrics and Alarms can then be configured to provide IP based alerts as needed.
Reference:
https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html