A company is leveraging AWS for developing a generative AI model that creates financial summaries and insights. The firm is obligated to comply with financial industry regulations and must ensure its infrastructure and data access points are resilient to breaches and misuse. Which of the following security approaches most effectively supports a defense-in-depth strategy?