A security engineer must implement a solution to allow the company's SysOps team to have interactive command line access to Amazon EC2 Linux instances using the AWS Management Console. The solution should minimize the attack surface of the EC2 instances. Which steps should the security engineer take to satisfy this requirement while maintaining least privilege? (Select TWO.)