A company is developing a cloud-based API-driven communications platform hosted on EC2 instances with a Network Load Balancer (NLB) and Amazon API Gateway for external API access. To safeguard against web exploits and DDoS attacks, which AWS services should be combined for maximum protection?