A company has deployed Linux-based application instances on EC2 in a private subnet and a Linux bastion host in a public subnet within a VPC. The solutions architect must establish secure connectivity from the on-premises network to the bastion host and subsequently to the application servers. What steps should be taken to configure the security groups for this access? | AWS Certified Solutions Architect - Associate Quiz