A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.
Which capability should the solutions architect use to meet the compliance requirements?
A . AWS Key Management Service (AWS KMS) )
B . VPC endpoint
C . Private subnet
D . Virtual private gateway
Answer: A