A company has Amazon EC2 instances deployed in private subnets within a VPC. These instances must initiate all outbound requests leaving the VPC, including communication with the company's on-premises data center via an AWS Direct Connect connection. No external resources should be permitted to establish direct communication with the EC2 instances. The on-premises data center's customer gateway uses a stateful firewall device to filter incoming and outgoing traffic to and from multiple VPCs. The company also wants to implement a single IP match rule to allow all traffic from the EC2 instances to the data center using a single IP address. Which solution meets these requirements with the MINIMAL operational overhead? | AWS Certified Advanced Networking - Specialty Quiz