How to connect securely from Redshift serverless to federated RDS Aurora cluster schema?

I have a Redshift serverless workgroup inside a VPC, and I want to securely create a federated schema of an RDS Aurora cluster through a security group or another mechanism. The Aurora cluster is in the same VPC and uses the same public subnets as Redshift serverless. I created a security group for Redshift serverless and a different one for the Aurora cluster instance. Connecting only works for me by opening the MySQL port to all IPv4 in the Aurora cluster instance. I use the Redshift Query Editor v2 in the browser to test. Here are some security group rules that don't work in my setup: 1- In Aurora cluster instance: Allow MySQL port for the "VPC CIDR range". 2- In Aurora cluster instance: Allow MySQL port for the "Redshift serverless security group".

What do I need to do in Aurora and Redshift serverless to have the security group with restricted access to only Redshift serverless and not open to any IPv4? Can I use the Aurora VPC endpoints with Redshift Serverless?

I'm also considering using a Redshift cluster, which I expect to be more expensive but also more secure than Redshift serverless.

Any help you can provide is highly appreciated.