A company operates an Amazon SageMaker training job in a public subnet within an Amazon VPC. The network is properly configured, allowing seamless data transfer between the SageMaker training job and Amazon S3. Recently, the company identified malicious traffic originating from a specific IP address, targeting the resources within the VPC. The company needs to block all traffic from the suspicious IP address while ensuring legitimate traffic remains unaffected. Which of the following would you recommend to address this requirement?