The solutions architect at InnovateTech needs to restrict a subset of their authenticated APIs, currently using regional API Gateway endpoints and Lambda functions, to be accessible only from within their VPC with minimal effort. What is the most efficient solution to achieve this?