A software-as-a-service (SaaS) company hosts an application on AWS in a VPC. External customers will use the application on their own Amazon EC2 instances. To access the application, the customers need to install a client application on an EC2 instance in a VPC in their AWS accounts.
A security engineer is designing a solution to allow communication between the client software and the SaaS application. The solution must maximize scalability and security.
Which combination of actions will meet these requirements? (Choose two.)

A. Create a Network Load Balancer (NLB) in the VPC in the SaaS company account. Use the NLB for TLS termination and load balancing. Use EC2 instances as targets for the NLB.
B. Create a Network Load Balancer (NLB) in the VPCs in the customer accounts. Use the NLB for TLS termination and load balancing. Use EC2 instances as targets for the NLB.
C. Create an AWS PrivateLink endpoint service in the VPCs in the customer accounts. Create a PrivateLink interface endpoint in the VPC in the SaaS company account.
D. Create an AWS PrivateLink endpoint service in the VPC in the SaaS company account. Create a PrivateLink interface endpoint in the VPCs in the customer accounts.
E. Create a VPC peering connection between the VPC in the SaaS company account and the VPCs in the customer accounts. Create the required routes for a VPC peering connection.