A company wishes to deploy a new web service in the cloud that should be publicly accessible. Additionally, the service needs to interact with a data center located on-premises without exposing this interaction to the public internet. Which setup will best achieve this objective?
Use a Network Interface with an associated Elastic IP in conjunction with a dedicated customer gateway to regulate access between the web clients and the internal data center.
Establish a site-to-site VPN connection using a Virtual Private Gateway, while enabling public internet connectivity with an Internet Gateway.
Deploy a NAT Gateway for instances that must communicate with external web clients, accompanied by rigorously configured Security Groups allowing ingress from known internal IP ranges.
Utilize an Elastic Load Balancer for internet-facing traffic and a Network Access Control List set to accept connections exclusively from the data center IP range.