Which combination of steps will achieve this level of control with the LEAST operational effort?
(Choose three.)
Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).
Configure attachments to all VPCs and VPNs.
Set up transit gateway route tables. Associate the VPCs and VPNs with the route tables.
Configure VPC peering between the VPCs.
Configure attachments between the VPCs and VPNs.
Set up route tables on the VPCs and VPNs.
Explanations:
Creating a transit gateway in one AWS account and sharing it using AWS RAM allows multiple AWS accounts to access the same transit gateway. This facilitates easier management and control of inter-VPC communication across accounts, reducing operational effort.
Configuring attachments to all VPCs and VPNs ensures that the transit gateway can route traffic between these networks, enabling communication as needed. This step is essential for achieving the desired connectivity without creating complex interconnections.
Setting up transit gateway route tables allows for granular control over traffic flow between the connected VPCs and VPNs. By associating specific VPCs and VPNs with designated route tables, the company can determine which networks can communicate with each other.
Configuring VPC peering is not the optimal choice here as it creates one-to-one connections between VPCs, which can lead to complexity and management overhead. It does not provide the centralized control that a transit gateway offers.
Configuring attachments between the VPCs and VPNs is redundant if attachments are already made to the transit gateway. The transit gateway serves as a central point for communication, making direct attachments less necessary.
Setting up route tables on the individual VPCs and VPNs would require additional management and can complicate routing. The centralized route tables of the transit gateway should suffice for routing decisions.