You are responsible for implementing network security controls in a VPC that hosts a web application. The application requires strict access controls and the ability to monitor all inbound and outbound traffic. Which combination of AWS services would you use to achieve this?