Which solution will meet these requirements?
A. Create a transit gateway in the development account. Create a transit gateway peering request to the shared services account. Configure the shared services transit gateway to automatically accept peering connections.
B. Turn on automatic acceptance for the transit gateway in the shared services account. Use AWS Resource Access Manager (AWS RAM) to share the transit gateway resource in the shared services account with the development account. Accept the resource in the development account. Create a transit gateway attachment in the development account.
C. Turn on automatic acceptance for the transit gateway in the shared services account. Create a VPC endpoint. Use the endpoint policy to grant permissions on the VPC endpoint for the development account. Configure the endpoint service to automatically accept connection requests. Provide the endpoint details to the development team.
D. Create an Amazon EventBridge rule to invoke an AWS Lambda function that accepts the transit gateway attachment when the development account makes an attachment request. Use AWS Network Manager to share the transit gateway in the shared services account with the development account. Accept the transit gateway in the development account.
Explanations:
A. Creating a new transit gateway in the development account and establishing a peering connection to the shared services account does not align with the requirement for easy resource recreation in the development environment. It would require manual peering configuration each time resources are recreated, which contradicts the need for a seamless connection setup.
B. By enabling automatic acceptance of shared attachments on the transit gateway in the shared services account and using AWS Resource Access Manager (AWS RAM) to share the transit gateway with the development account, the development team can recreate the attachment as often as needed without manual intervention from the shared services team. This setup allows straightforward management of access to shared resources while meeting the company's requirements.
C. This option suggests creating a VPC endpoint with an endpoint policy for access, which is not the correct approach for connecting to a transit gateway. VPC endpoints are for accessing services privately without using an internet gateway or NAT, and they do not provide the VPC-to-VPC connectivity needed in this case. Additionally, it does not address the need for the development team to recreate the connection easily.
D. While using an EventBridge rule to invoke a Lambda function that accepts transit gateway attachment requests might work, it adds unnecessary complexity to the solution. The primary requirement is for the development team to easily manage their connection to the shared services account, which is handled more efficiently through AWS RAM as described in option B than by relying on custom Lambda code to accept each attachment.
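The following Terraform is an added example of option B and is not part of the original question; the provider aliases, account ID, VPC and subnet IDs are placeholder assumptions.

```hcl
# Added example: two provider aliases stand in for the two AWS accounts.
provider "aws" {
  alias  = "shared"
  region = "us-east-1"
}

provider "aws" {
  alias  = "dev"
  region = "us-east-1"
}

# Shared services account: the transit gateway auto-accepts attachments
# from principals the gateway has been shared with via AWS RAM.
resource "aws_ec2_transit_gateway" "shared" {
  provider                       = aws.shared
  description                    = "shared-services-tgw"
  auto_accept_shared_attachments = "enable"
}

# Shared services account: share the transit gateway with the dev account.
resource "aws_ram_resource_share" "tgw" {
  provider                  = aws.shared
  name                      = "shared-services-tgw"
  allow_external_principals = false # set true only if the accounts are outside one Organization
}

resource "aws_ram_resource_association" "tgw" {
  provider           = aws.shared
  resource_arn       = aws_ec2_transit_gateway.shared.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

resource "aws_ram_principal_association" "dev" {
  provider           = aws.shared
  principal          = "111111111111" # placeholder development account ID
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

# Development account: accept the share (Organizations can auto-accept this step).
resource "aws_ram_resource_share_accepter" "dev" {
  provider  = aws.dev
  share_arn = aws_ram_principal_association.dev.resource_share_arn
}

# Development account: attach the VPC. Because the gateway auto-accepts,
# this attachment can be destroyed and recreated without shared-account action.
resource "aws_ec2_transit_gateway_vpc_attachment" "dev" {
  provider           = aws.dev
  transit_gateway_id = aws_ec2_transit_gateway.shared.id
  vpc_id             = "vpc-0123456789abcdef0"     # placeholder
  subnet_ids         = ["subnet-0123456789abcdef0"] # placeholder
  depends_on         = [aws_ram_resource_share_accepter.dev]
}
```

Routing between the attached VPCs still has to be added to the transit gateway and VPC route tables; the example covers only the sharing and attachment steps the question describes.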