As DataCorp Inc. migrates to AWS, they need a secure, multi-account environment with private network connectivity and centrally managed access, including MFA and role-based permissions. Given separate accounts for development, staging, production, and shared network are required with specific connectivity rules (production and shared network to all, development and staging to each other only), what steps should a solutions architect take to fulfill these requirements? (Choose three.)