What is the MOST cost-effective solution that meets these requirements?
A. Create a Client VPN endpoint in each AWS account. Configure required routing that allows access to internal applications.
B. Create a Client VPN endpoint in the main AWS account. Configure required routing that allows access to internal applications.
C. Create a Client VPN endpoint in the main AWS account. Provision a transit gateway that is connected to each AWS account. Configure required routing that allows access to internal applications.
D. Create a Client VPN endpoint in the main AWS account. Establish connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN.

Explanations:
A. Creating a Client VPN endpoint in each AWS account would increase costs significantly due to multiple endpoints, making it less cost-effective. It also adds complexity to the routing configuration across accounts.
B. Creating a single Client VPN endpoint in the main AWS account is the most cost-effective solution. It allows for centralized management of connections and simplifies routing, while providing access to all internal applications through peering connections.
C. Adding a transit gateway increases costs as it introduces additional charges for the transit gateway service. While it may provide scalability, it is not the most cost-effective solution for the requirements.
D. While establishing connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN may allow for access to on-premises resources, it does not directly address the scalability and internal application access requirements, and it could involve additional setup complexity and costs.