A network engineer is managing a large-scale migration from an on-premises data center to a multi-account environment based on AWS Control Tower. The environment includes a transit gateway deployed in a central network services account, which has been shared with an organization in AWS Organizations using AWS Resource Access Manager (AWS RAM). Additionally, a shared services account hosts workloads that need to be accessible across the entire organization.

The engineer must design a solution to automate the deployment of standard network components across the environment. This solution should provision a VPC for application workloads in each new and existing member account, ensuring these VPCs are connected to the transit gateway in the central network services account.

Which three steps should be combined to fulfill these requirements with minimal operational overhead?