A company has several workloads running on AWS. Employees are required to authenticate using on-premises ADFS and SSO to access the AWS ManagementConsole. Devel...

A company has several workloads running on AWS. Employees are required to authenticate using on-premises ADFS and SSO to access the AWS ManagementConsole. Developers migrated an existing legacy web application to an Amazon EC2 instance. Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.
How should the Security Engineer implement employee-only access to this system without changing the application?