A company is using AWS Transit Gateway to connect multiple VPCs and on-premises networks via VPN. The security team wants to inspect all traffic between VPCs before it reaches its destination. Which architecture should be used?
This allows centralized traffic inspection.
Why this answer
Option B is correct because Transit Gateway supports centralized inspection: inter-VPC traffic is routed through a security appliance in a dedicated inspection VPC before being forwarded to its destination. Option A is wrong because VPC Peering does not support central inspection. Option C is wrong because Direct Connect is for on-premises connectivity, not VPC-to-VPC traffic. Option D is wrong because VPN CloudHub is for connecting multiple VPNs, not for inspection.