A legacy application running on-premises requires a Solutions Architect

A legacy application running on-premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS(Amazon Web Service) in place. How should the Architect meet this requirement?
A. Create an IAM role that allows access from the corporate network to Amazon S3
B. Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint
C. Use Amazon API Gateway to do IP whitelisting.
D. Configure IP whitelisting on the customers gateway.

View Answer Here