A financial services company is building a hybrid Payment Card Industry Data Security Standard (PCI-DSS) compliant application that runs in the us-east-1 Region as well as on-premises. The application sends access logs from all locations to a single S3 bucket in the us-east-1 Region. To protect this sensitive data, the bucket policy is configured to deny access from public IP addresses. As an AWS Certified Solutions Architect Professional, how would you configure the network to meet these requirements?