A company has a multi-account AWS Organizations setup with hundreds of VPCs across multiple regions. The network team needs to centralize outbound internet traffic through a set of inspection VPCs for security monitoring. Which solution is MOST scalable and cost-effective?
Scalable, centralized, and cost-effective.
Why this answer
Option B is correct because AWS Transit Gateway with central VPC attachment allows routing all egress traffic through inspection VPCs, and using a single NAT Gateway per AZ in the inspection VPC is scalable and cost-effective. Option A is wrong because each VPC with its own NAT Gateway is not centralized. Option C is wrong because Network Load Balancer is not designed for internet egress.
Option D is wrong because VPC peering does not scale to hundreds of VPCs and lacks transitive routing.