You're setting up a CI pipeline where the build step requires access to APIs within your private VPC network. To adhere to your security team's requirement of not exposing API traffic publicly, you need a solution with minimal management overhead. What's the best approach?