Which combination of steps will achieve this level of control with the LEAST operational effort?
(Choose three.)
Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).
Configure attachments to all VPCs and VPNs.
Setup transit gateway route tables. Associate the VPCs and VPNs with the route tables.
Configure VPC peering between the VPCs.
Configure attachments between the VPCs and VPNs.
Setup route tables on the VPCs and VPNs.
Explanations:
Creating a transit gateway and sharing it via AWS Resource Access Manager (AWS RAM) allows centralized connectivity management across AWS accounts.
Configuring attachments between the transit gateway and all VPCs/VPNs enables communication through the transit gateway.
Setting up transit gateway route tables and associating VPCs/VPNs controls traffic flow, allowing specific VPCs to communicate based on routing policies.
VPC peering does not scale well for hundreds of VPCs and requires complex management compared to a transit gateway.
Attachments should be done via a transit gateway to simplify the architecture, rather than directly between VPCs and VPNs.
Configuring individual VPC and VPN route tables is more complex and increases operational overhead compared to transit gateway route tables.
To the best of my knowledge, the answer is:
Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).