Full AWS Practitioner Certification Question

A healthcare software provider runs an application on Amazon EC2 instances within public subnets. The application processes sensitive medical record files that are stored in Amazon S3. Currently, the EC2 instances connect to S3 over the public internet. However, a new compliance policy now requires that all data transfers between the application and S3 remain within the AWS private network and not traverse the public internet. The EC2 instances do not need access to any external resources beyond Amazon S3.

What change should be made to the network design to comply with the new security requirement?