How can a solutions architect ensure that traffic between an EC2-hosted application and Amazon S3 does not traverse the public internet, as per the chief information security officer's directive?