Configuration issue

I have two applications running on the same AWS EC2 instance; one application needs public access and the other application needs only internal access.

If I set Zero Trust, I should remove the public access security group, but it will affect the public access application.

If I keep the public access IP security group, it will affect the private application; Zero Trust rules are not working as it is open to the public.

Can you suggest the best approach for this case?