A company is implementing an AWS Transit Gateway hub-and-spoke architecture for migration to AWS. Their existing on-premises MPLS network enforces network segmentation using MPLS VPNs with strict controls. They have established two 10 Gbps AWS Direct Connect connections for resilient, high-speed, low-latency connectivity to AWS. A security engineer must implement network segmentation in the AWS environment to ensure logical separation of virtual routing and forwarding (VRF) for each software development environment. The number of MPLS VPNs is expected to grow, and on-premises MPLS VPNs use overlapping address spaces. The AWS network design must accommodate overlapping address spaces for these VPNs. Which solution meets these requirements with the MINIMUM operational overhead? | AWS Certified Advanced Networking - Specialty Quiz