A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting. The company's existing architecture includes the following: --A VPC with private and public subnets, and a NAT gateway --Site-to-Site VPN for connectivity with the on- premises environment --EC2 security groups with direct SSH access from the on-premises environment The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers. Which strategy should a solutions architect use? | AWS Certified Solutions Architect - Professional Quiz