A company currently uses AWS Site-to-Site VPN connections to encrypt traffic between its on-premises location and a single VPC, utilizing two 1 Gbps AWS Direct Connect connections with public VIFs. The company intends to add 15 more VPCs in the same AWS Region while maintaining the same encryption level for each connection between the on-premises location and the new VPCs. The new connections must avoid using public IP addresses, and the bandwidth of the Site-to-Site VPN connections will stay below the current provisioned speed.

Which combination of steps will fulfill these requirements with the LEAST operational overhead? (Choose three.)