184. An application is running on multiple EC2 instances. As part of an initiative to improve overall infrastructure security, the EC2 instances were moved to a private subnet. However, since moving, the EC2 instances have not been able to automatically update, and a SysOps Administrator has not been able to SSH into them remotely. Which two actions could the Administrator take to securely resolve these issues? (Choose two.)
A. Set up a bastion host in a public subnet, and configure security groups and route tables accordingly
B. Set up a bastion host in the private subnet, and configure security groups accordingly
C. Configure a load balancer in a public subnet, and configure the route tables accordingly
D. Set up a NAT gateway in a public subnet, and change the private subnet route tables accordingly
E. Set up a NAT gateway in a private subnet, and ensure that the route tables are configured accordingly