An international IT consulting firm has multiple on-premises data centers across the globe. Their technical team regularly uploads financial and regulatory files from each of their respective data centers to a centralized web portal hosted in AWS. It uses an Amazon S3 bucket named financial-tdojo-reports to store the data. Another team downloads various reports from a CloudFront web distribution that uses the same Amazon S3 bucket as the origin. A DevOps Engineer noticed that the staff are using both the CloudFront link and the direct Amazon S3 URLs to download the reports. The IT Security team of the company considered this as a security risk, and they recommended to re-design the architecture. A new system must be implemented that prevents anyone from bypassing the CloudFront distribution and disable direct access from Amazon S3 URLs. What should the Engineer do to meet the above requirement?