Which combination of steps will meet these requirements MOST cost-effectively?
(Choose two.)
Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account.
Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager.
Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager.
Use AWS Site-to-Site VPN for connectivity to the on-premises network.
Use AWS Direct Connect for connectivity to the on-premises network.
Explanations:
Creating a CloudFormation template and deploying it to each AWS account does not address the connectivity requirement to the on-premises network and may lead to redundancy in setup without efficient resource sharing.
This option allows the creation of a VPC in a shared services account, which can manage networking resources centrally, and sharing subnets via AWS Resource Access Manager (RAM) enables efficient resource utilization and reduces duplication of efforts across teams.
Using AWS Transit Gateway with Site-to-Site VPN may provide a scalable solution, but it is not the most cost-effective for less than 50 Mbps of traffic, as it introduces additional costs associated with Transit Gateway, which may not be necessary for this low bandwidth requirement.
Utilizing AWS Site-to-Site VPN provides a direct and cost-effective solution for connecting to the on-premises network, particularly suitable for the expected low traffic volume, avoiding additional complexities and costs associated with other methods.
AWS Direct Connect is generally more suited for high-bandwidth and consistent connectivity needs. Given the low traffic expectations (less than 50 Mbps), Direct Connect would be unnecessarily expensive compared to the Site-to-Site VPN option.