I’d say one of those two options might be the most feasible to block them
(http.user_agent contains "Googlebot" and ip.geoip.asnum eq 14618)
(http.user_agent contains "Googlebot" and not cf.client.bot)
The first blocks requests with a user agent containing “Googlebot” and coming from Amazon’s networks. The second one blocks based on the same user agent but requests which are not Cloudflare internally marked as “known crawler” requests.