A company deploys applications using AWS CloudFormation across multiple VPCs interconnected via a transit gateway. Traffic destined for the public internet is routed through a shared services VPC. Each VPC's subnets utilize the default VPC route table, directing traffic to the transit gateway, which in turn employs its default route table for all VPC attachments. A security audit has identified that EC2 instances within a VPC can communicate with instances in other company VPCs. To enhance security, a solutions architect must restrict this communication, allowing each VPC to interact only with a predetermined set of authorized VPCs. What measures should the solutions architect implement to achieve this restricted communication?