A multinational media company operates RESTful APIs using Amazon API Gateway in both the US East (N. Virginia) and Asia Pacific (Sydney) Regions. These APIs support the companys global content delivery platform, which allows users to stream articles, videos, and digital publications. The APIs are managed across multiple AWS accounts. To meet new compliance and security mandates, the company must protect these APIs against threats such as SQL injection and cross-site scripting (XSS), while minimizing ongoing maintenance. What is the best way to implement this protection with the least amount of administrative effort?