The engineering team at CloudScape uses AWS CloudFormation to manage multiple VPCs connected via a transit gateway. A recent security audit reveals unrestricted communication between EC2 instances across all VPCs, and a solutions architect needs to implement a solution to limit traffic such that each VPC can only communicate with a specific, authorized set of VPCs. What should the solutions architect do to meet these requirements?
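The control that decides which VPCs can reach each other across a transit gateway is the transit gateway route table, not the VPC attachment itself. Unrestricted east-west traffic is the symptom of the default route table association and propagation being enabled: every attachment lands in one shared table and learns every other VPC's CIDR. The fix is to disable those defaults, give each VPC attachment its own transit gateway route table, and propagate only the authorized attachments into each table. The CloudFormation template below is an added example, not part of the original question and not CloudScape's template; it assumes three VPCs (A, B, C) with the policy that A may talk to B and to C while B and C may not talk to each other, and the VPC and subnet IDs are supplied as parameters. All logical resource names are illustrative.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the original page): segment VPC-to-VPC traffic on a
  transit gateway with one route table per VPC. Assumed policy: A<->B and A<->C
  allowed, B<->C denied.

Parameters:
  VpcAId: { Type: AWS::EC2::VPC::Id }
  VpcBId: { Type: AWS::EC2::VPC::Id }
  VpcCId: { Type: AWS::EC2::VPC::Id }
  VpcASubnetIds: { Type: List<AWS::EC2::Subnet::Id> }
  VpcBSubnetIds: { Type: List<AWS::EC2::Subnet::Id> }
  VpcCSubnetIds: { Type: List<AWS::EC2::Subnet::Id> }

Resources:
  # Disabling both defaults is the decisive step. With them enabled, every new
  # attachment is associated with, and propagates into, one shared table, which
  # is exactly the any-to-any reachability the audit found.
  Tgw:
    Type: AWS::EC2::TransitGateway
    Properties:
      DefaultRouteTableAssociation: disable
      DefaultRouteTablePropagation: disable

  AttachA:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref Tgw
      VpcId: !Ref VpcAId
      SubnetIds: !Ref VpcASubnetIds
  AttachB:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref Tgw
      VpcId: !Ref VpcBId
      SubnetIds: !Ref VpcBSubnetIds
  AttachC:
    Type: AWS::EC2::TransitGatewayAttachment
    Properties:
      TransitGatewayId: !Ref Tgw
      VpcId: !Ref VpcCId
      SubnetIds: !Ref VpcCSubnetIds

  # One route table per VPC. An attachment can be associated with exactly one
  # table, and that table is the only view of the network the VPC gets.
  RtA: { Type: AWS::EC2::TransitGatewayRouteTable, Properties: { TransitGatewayId: !Ref Tgw } }
  RtB: { Type: AWS::EC2::TransitGatewayRouteTable, Properties: { TransitGatewayId: !Ref Tgw } }
  RtC: { Type: AWS::EC2::TransitGatewayRouteTable, Properties: { TransitGatewayId: !Ref Tgw } }

  AssocA:
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties: { TransitGatewayAttachmentId: !Ref AttachA, TransitGatewayRouteTableId: !Ref RtA }
  AssocB:
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties: { TransitGatewayAttachmentId: !Ref AttachB, TransitGatewayRouteTableId: !Ref RtB }
  AssocC:
    Type: AWS::EC2::TransitGatewayRouteTableAssociation
    Properties: { TransitGatewayAttachmentId: !Ref AttachC, TransitGatewayRouteTableId: !Ref RtC }

  # Propagations are the allow-list: a VPC's CIDR appears in a table only if its
  # attachment propagates into that table. B and C each learn only A's CIDR.
  PropBIntoA:
    Type: AWS::EC2::TransitGatewayRouteTablePropagation
    Properties: { TransitGatewayAttachmentId: !Ref AttachB, TransitGatewayRouteTableId: !Ref RtA }
  PropCIntoA:
    Type: AWS::EC2::TransitGatewayRouteTablePropagation
    Properties: { TransitGatewayAttachmentId: !Ref AttachC, TransitGatewayRouteTableId: !Ref RtA }
  PropAIntoB:
    Type: AWS::EC2::TransitGatewayRouteTablePropagation
    Properties: { TransitGatewayAttachmentId: !Ref AttachA, TransitGatewayRouteTableId: !Ref RtB }
  PropAIntoC:
    Type: AWS::EC2::TransitGatewayRouteTablePropagation
    Properties: { TransitGatewayAttachmentId: !Ref AttachA, TransitGatewayRouteTableId: !Ref RtC }
  # Deliberately absent: AttachB -> RtC and AttachC -> RtB. With no route for
  # the other's CIDR in its table, B cannot forward packets to C and vice versa.
```

Two caveats a practitioner would check. First, the VPC-side subnet route tables still need a route for the peer CIDRs pointing at the transit gateway attachment; the template above only governs what the transit gateway itself will forward. Second, transit gateway route tables are a routing boundary, not a firewall: security groups and network ACLs still apply within each VPC, and for an explicit deny that survives a later, mistaken propagation, a static `AWS::EC2::TransitGatewayRoute` with `Blackhole: true` for the denied CIDR can be added to the relevant table, since static routes take precedence over propagated ones.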