AWS Certified Solutions Architect - Associate

Explanation

Correct Answer: C - Create an AWS Transit Gateway in the networking team's AWS account. Configure static routes from each VPC.

Why this is the MOST operationally efficient solution:

1. AWS Transit Gateway is specifically designed for this scenario - connecting multiple VPCs across multiple AWS accounts in a hub-and-spoke architecture.
2. Operational efficiency: With hundreds of AWS accounts, managing individual VPC peering connections (Option A) would require n*(n-1)/2 connections, which becomes unmanageable at scale.
3. Centralized management: The networking team can manage the Transit Gateway from their own AWS account, providing centralized control and visibility.
4. Simplified routing: Transit Gateway uses dynamic routing (BGP) rather than requiring manual static route configuration for each connection.
5. Cross-account attachment: Transit Gateway supports VPC attachments from other AWS accounts using AWS Resource Access Manager (RAM).

Why other options are less efficient:

• Option A (VPC Peering): Not scalable for hundreds of accounts - would require thousands of peering connections and complex route table management.
• Option B (NAT + Internet Gateway): This would route traffic over the public internet, which is less secure, has higher latency, and incurs data transfer costs.
• Option D (VPN Gateways + Transit VPC): This is an older, more complex solution that has been largely superseded by Transit Gateway. It requires more configuration and management overhead.

Key benefits of Transit Gateway for this scenario:

• Single network hub for all VPCs
• Simplified network management
• Cross-account support via AWS RAM
• Built-in route propagation
• Cost-effective at scale compared to multiple peering connections
• Better security posture than internet-based solutions