To ensure only your traffic-scrubbing service can access your gaming service instances with private IP addresses behind a global load balancer, what configuration steps should you take?

(Note: The original question may have contained OCR errors in code blocks, but none were present in this case.)