Which combination of steps will meet these requirements?
(Choose two.)
From the management account, share the transit gateway with member accounts by using AWS Resource Access Manager.
From the management account, share the transit gateway with member accounts by using an AWS Organizations SCP.
Launch an AWS CloudFormation stack set from the management account that automatically creates a new VPC and a VPC transit gateway attachment in a member account. Associate the attachment with the transit gateway in the management account by using the transit gateway ID.
Launch an AWS CloudFormation stack set from the management account that automatically creates a new VPC and a peering transit gateway attachment in a member account. Share the attachment with the transit gateway in the management account by using a transit gateway service-linked role.
From the management account, share the transit gateway with member accounts by using AWS Service Catalog.
Explanations:
Sharing the transit gateway with member accounts using AWS Resource Access Manager (RAM) allows member accounts to access the transit gateway. This ensures connectivity between the VPCs in different accounts.
AWS Organizations Service Control Policies (SCPs) cannot be used to share or grant access to AWS resources like transit gateways. SCPs are used for controlling access to services, not for sharing resources.
Using AWS CloudFormation stack sets to automatically create a new VPC and a transit gateway attachment in each member account is a valid solution for automating this process. Associating the attachment with the transit gateway ensures that connectivity is established.
A peering transit gateway attachment is the wrong attachment type for this use case: the attachment that connects a VPC to the transit gateway should be of the type “VPC attachment,” not “peering.” Additionally, service-linked roles are not used for sharing attachments between accounts in this way.
AWS Service Catalog is used for managing portfolios of AWS resources and cannot be used directly to share a transit gateway. It’s not the correct tool for automating the attachment process in this scenario.