A healthcare organization is using Amazon EC2 instances to host an application that stores sensitive patient records. In compliance with healthcare regulations, the organization must restrict access to these records. A system engineer needs to establish a secure connection to the EC2 instances without opening any inbound ports, managing SSH keys, or maintaining bastion hosts. The organization also requires that all session activity logs are monitored, stored, and accessible in an encrypted format. Which solution would satisfy these requirements?