A logistics company wants to provide one of its enterprise clients with secure file download access to datasets stored in Amazon S3. The client requires the use of an existing on-premises Microsoft Active Directory for authentication and must access the files via their current SFTP client without needing to change the application. The company wants a solution that minimizes operational complexity. What is the most effective approach to meet these requirements?