Windows: what are the security risks in 6 cases of using ASA and firepower with Amazon?

A. What are the security risks in 4 cases of using ASA and firepower with Amazon?

B. Which case is the safest?

C. Should I apply firepower 1. on the outside and inside at the same time or 2. apply only on the outside or 3. apply only on the inside

D. Will there be great hackers or hackers at the national level in the Internet service provider that can hack one of these cases?

Case 1

ASA only without firepower
deny outside any
allow Amazon a host IP address only in 3389 from the inside out
and the maximum connection of the service policy is 1 only

case 2

ASA with configured firepower
deny outside any

and apply the firepower to the exterior with the service policy.
where the firepower allows the private network to any http and https and udp 53 and tcp 53 out and denies outside any

allow Amazon a host IP address only in 3389 from the inside out
and the maximum connection of the service policy is 1 only

and apply the firepower inside with the service policy.
where the firepower allows the private network to any http and https and udp 53 and tcp 53 out and denies outside any

case 3

ASA with configured firepower
deny outside any
allow Amazon a host IP address only in 3389 from the inside out
and the maximum connection of the service policy is 1 only

did not apply the firepower abroad with the service policy and only ASA denied outside of any

and apply the firepower inside with the service policy.
where the firepower allows the private network to any http and https and udp 53 and tcp 53 out and denies outside any

case 4, using case 1 but with the Amazon VPN configuration

ASA only without firepower
deny outside any
allow Amazon a host IP address only in 3389 from the inside out
and the maximum connection of the service policy is 1 only
Apply the Amazon VPN configuration with the method at https://docs.aws.amazon.com/vpc/latest/adminguide/Cisco_ASA.html

case 5, only with case 2, but add Amazon's VPN configuration

case 6, only with case 3 but add Amazon's VPN configuration

All cases with the following use and applied.

just use the virtual machine in window 10 to connect the amazon host with mstsc.exe
and the forbidden window {cmd, registry, batch, powershell} and only allows the specified application mmc.exe and mmc.msc and notepad.exe and mspaint.exe and gpedit.msc and gpedit and WINWORD.exe and EXCEL.exe