An application runs on Amazon EC2 instances that use an Amazon SQS queue and an Amazon DynamoDB table. The application processes highly confidential information and the connectivity between these AWS services should be private. Which combination of steps should the security engineer take to meet this requirement? (Select THREE.)