A company operates multiple workloads on AWS, where employees authenticate using on-premises ADFS and SSO for access to the AWS Management Console. Recently, a legacy web application was migrated to an Amazon EC2 instance. This application lacks an integrated authentication system, yet employees must securely access it from anywhere on the internet. What is the most appropriate method for a security engineer to ensure that only authenticated employees can access this application without modifying its existing code? | AWS Certified Security - Specialty Quiz