A company operates a public-facing website on an Amazon EC2 instance that requires HTTPS access. The instance is managed via SSH, and it resides within a specific subnet for the website (10.0.1.0/24) and another subnet for management purposes (192.168.100.0/24). As a security engineer tasked with configuring the security group for this EC2 instance, which two actions would you take to ensure the most secure setup? (Select two options.)