A company plans to stop using Amazon EC2 key pairs for SSH access, and instead plans to use AWS Systems Manager Session Manager. To further enhance security, access to Session Manager must take place over a private network only.
Which combinations of actions will accomplish this? (Choose two.)
A. Allow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.
B. Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.
C. Create a VPC endpoint for Systems Manager in the desired Region.
D. Deploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.
E. Remove any default routes in the associated route tables.
Which combinations of actions will accomplish this? (Choose two.)
A. Allow inbound access to TCP port 22 in all associated EC2 security groups from the VPC CIDR range.
B. Attach an IAM policy with the necessary Systems Manager permissions to the existing IAM instance profile.
C. Create a VPC endpoint for Systems Manager in the desired Region.
D. Deploy a new EC2 instance that will act as a bastion host to the rest of the EC2 instance fleet.
E. Remove any default routes in the associated route tables.