A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs. Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.) A. Create a transit gateway in an AWS account. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM). B. Configure attachments to all VPCs and VPNs. C. Setup transit gateway route tables. Associate the VPCs and VPNs with the route tables. D. Configure VPC peering between the VPCs. E. Configure attachments between the VPCs and VPNs. F. Setup route tables on the VPCs and VPNs.