Which combination of steps will meet these requirements?
(Choose three.)
Create a Direct Connect gateway in the central account. In each of the accounts, create an association proposal by using the Direct Connect gateway and the account ID for every virtual private gateway.
Create a Direct Connect gateway and a transit gateway in the central network account. Attach the transit gateway to the Direct Connect gateway by using a transit VIF.
Provision an internet gateway. Attach the internet gateway to subnets. Allow internet traffic through the gateway.
Share the transit gateway with other accounts. Attach VPCs to the transit gateway.
Provision VPC peering as necessary.
Provision only private subnets. Open the necessary route on the transit gateway and customer gateway to allow outbound internet traffic from AWS to flow through NAT services that run in the data center.
Explanations:
Direct Connect gateway associations are used for connecting Direct Connect to a virtual private gateway (VGW), but this setup doesn’t meet the requirement to allow seamless communication between multiple VPCs.
A Direct Connect gateway and a transit gateway allow centralized connectivity for all VPCs and the on-premises data center, facilitating seamless communication and routing to the internet via the data center.
While provisioning an internet gateway is important for internet access, this step does not meet the requirement of routing traffic through the on-premises data center.
Sharing the transit gateway across accounts enables all VPCs, from different accounts, to communicate via the centralized transit gateway, ensuring seamless connectivity.
VPC peering only allows direct communication between two VPCs, but it doesn’t provide the scalability needed for hundreds of VPCs, nor does it enable routing through the on-premises data center.
Provisioning only private subnets with necessary routes on the transit gateway and customer gateway ensures traffic can be routed to the on-premises data center for outbound internet access.