A company is deploying a web application on AWS and requires that the backend servers hosting the application are not publicly accessible, except via the application's front-end interface. What is the most effective method to prevent direct internet access to these backend servers?
Limit the backend servers' security group to permit inbound SSH connections only from trusted IP addresses.
Set up the backend servers' security group to allow inbound HTTP and HTTPS traffic exclusively from the security group assigned to the load balancer.
Change the route table to ensure all outbound internet traffic from the backend servers goes through a NAT gateway.
Assign Elastic IP addresses to each backend server to restrict internet access.