How to have segregated database for clients while maintaining control over code?

I have a SAAS application hosted on AWS EC2 and RDS. we use django and Postgres for the stack

What we did was we had the public schema holding the tenant info but the tenant specific data are held in individual schema in the same database

Recently we have requests that some customers want to host the software in their own premises because they want to have complete control over the data.

That means we lost control over the source code and plus it's harder to debug and deploy code hosted on premises rather than on cloud.

It's possible that they might be okay with us deploying it on their AWS account. So it's their ec2 and rds.

That gave us an idea.

Is it possible for us to deploy the source code on our AWS ec2 and their data will be in their AWS rds?

What we need to accomplish is that:

1. We have no way to read their data
2. They have no way to read our code
3. Yet we can easily make code changes and schema changes (probably via django migrations)

How can we accomplish this with AWS services? I need a rough plan.

So far my ideas are

A. Code on our ec2 data in their rds (Ensure 2 & 3 not 1)

B. Code on their ec2 and data in their rds (Ensure 1 not 3&2)

Or is there a solution involving tweaking A or B?