How to securely access and transfer files to an EC2 instance in a private subnet of VPC in AWS?

The question will be answered along with accountability and visibility using CloudWatch logging and cryptographic security of SSM sessions using KMS.