I have a number of resources in a VPC (ECS tasks mostly but doesn't really matter) where inbound traffic goes through an ALB.
However, I need to route outbound traffic through another VPC (and its NAT gateway) in a separate region. I've been fiddling with Transit Gateway and configured a manual setup with two VPCs in the same region where outbound traffic from VPC A routes through a NAT gateway in VPC B. It took a while but I finally got it working.
However, I'm trying to do the same across regions and I believe that the most straightforward way to do it is by peering Transit Gateways, i.e. in the use case above VPC B is in a separate region and attached to its Transit Gateway, and the two Transit Gateways are peered (VPC A's and VPC B's).
Here are my current questions, any help is appreciated so thanks in advance:
- Is my solution even possible? As I've dug into it, I'm not sure. I don't see how I can route traffic to the NAT Gateway in the destination VPC. Not yet.
- Is the double TG cross-region approach I have in mind the best way to do this?
- I plan to automate the above when I have something working via the CDK. In my experience IaC is more challenging with resources like ACM certificates and peering (VPC or TG) connections. Any recommendations on that front would be great too.
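As an added illustration (not part of the original post), the following Python model writes down the route entries each hop in the described design needs and then traces a packet from a private subnet in VPC A out through the NAT gateway in VPC B and back. It assumes constructed CIDRs (10.0.0.0/16 for VPC A, 10.1.0.0/16 for VPC B) and hypothetical hop names, and models three AWS behaviours: route tables select by longest-prefix match, Transit Gateway peering attachments carry only static routes (no propagation), and a NAT gateway forwards traffic using the route table of the subnet it sits in.

```python
"""Route-table model for centralized egress across peered Transit Gateways.

Added illustration, not the poster's code. It lists the route entries each
hop needs so traffic from a private subnet in VPC A (region 1) leaves via the
NAT gateway in VPC B (region 2), then traces a packet out and back using
longest-prefix match. CIDRs and hop names are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass

VPC_A_CIDR = "10.0.0.0/16"  # constructed: workload VPC, region 1
VPC_B_CIDR = "10.1.0.0/16"  # constructed: egress VPC, region 2
TERMINALS = {"local-delivery", "internet"}


@dataclass
class RouteTable:
    name: str
    routes: dict  # prefix -> route target

    def lookup(self, dst: str):
        """Longest-prefix match; None means no route (the packet is dropped)."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, target in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
        return best[1] if best else None


@dataclass
class Hop:
    name: str
    table: RouteTable
    links: dict  # route target -> next Hop name or a TERMINALS entry


def build_hops(tgw_b_has_return_route: bool = True) -> dict:
    """Return the hops of the topology; the flag drops the static return route
    on TGW-B to show what happens when it is forgotten."""
    # VPC A private subnet: default route points at the TGW attachment.
    vpc_a_private = RouteTable("vpc-a-private-rt", {VPC_A_CIDR: "local", "0.0.0.0/0": "tgw-a"})
    # TGW-A: VPC A's CIDR is propagated from its VPC attachment; the default
    # route over the peering attachment must be static (no propagation over peering).
    tgw_a = RouteTable("tgw-a-rt", {VPC_A_CIDR: "vpc-a-attachment", "0.0.0.0/0": "peering-attachment"})
    # TGW-B: static default route into VPC B, plus a static route sending
    # VPC A's CIDR back over the peering attachment for return traffic.
    tgw_b_routes = {VPC_B_CIDR: "vpc-b-attachment", "0.0.0.0/0": "vpc-b-attachment"}
    if tgw_b_has_return_route:
        tgw_b_routes[VPC_A_CIDR] = "peering-attachment"
    tgw_b = RouteTable("tgw-b-rt", tgw_b_routes)
    # VPC B subnet holding the TGW attachment ENI: default route to the NAT gateway.
    vpc_b_tgw_subnet = RouteTable("vpc-b-tgw-subnet-rt", {VPC_B_CIDR: "local", "0.0.0.0/0": "nat-gateway"})
    # VPC B public subnet (home of the NAT gateway): default to the IGW, and
    # VPC A's CIDR back to TGW-B so de-NATed return traffic is forwarded.
    vpc_b_public = RouteTable("vpc-b-public-rt",
                              {VPC_B_CIDR: "local", "0.0.0.0/0": "igw", VPC_A_CIDR: "tgw-b"})
    return {
        "vpc-a-private-subnet": Hop("vpc-a-private-subnet", vpc_a_private,
                                    {"local": "local-delivery", "tgw-a": "tgw-a"}),
        "tgw-a": Hop("tgw-a", tgw_a,
                     {"vpc-a-attachment": "vpc-a-private-subnet", "peering-attachment": "tgw-b"}),
        "tgw-b": Hop("tgw-b", tgw_b,
                     {"vpc-b-attachment": "vpc-b-tgw-subnet", "peering-attachment": "tgw-a"}),
        "vpc-b-tgw-subnet": Hop("vpc-b-tgw-subnet", vpc_b_tgw_subnet,
                                {"local": "local-delivery", "nat-gateway": "nat-gateway"}),
        # The NAT gateway forwards using its own (public) subnet's route table.
        "nat-gateway": Hop("nat-gateway", vpc_b_public,
                           {"local": "local-delivery", "igw": "internet", "tgw-b": "tgw-b"}),
    }


def trace(hops: dict, start: str, dst: str, max_hops: int = 8) -> list:
    """Follow a packet hop by hop until a terminal or a DROP marker."""
    path, cur = [start], start
    for _ in range(max_hops):
        target = hops[cur].table.lookup(dst)
        if target is None:
            path.append("DROP:no-route")
            return path
        nxt = hops[cur].links[target]
        path.append(nxt)
        if nxt in TERMINALS:
            return path
        cur = nxt
    path.append("DROP:routing-loop")
    return path


if __name__ == "__main__":
    hops = build_hops()
    print("outbound:", " -> ".join(trace(hops, "vpc-a-private-subnet", "8.8.8.8")))
    print("return:  ", " -> ".join(trace(hops, "nat-gateway", "10.0.1.10")))
    broken = build_hops(tgw_b_has_return_route=False)
    print("no static return route:", " -> ".join(trace(broken, "nat-gateway", "10.0.1.10")))
```

The outbound trace shows where the "route to the NAT gateway in the other VPC" actually lives: TGW-B's route table holds a static 0.0.0.0/0 toward the VPC B attachment, and the subnet that attachment lands in holds a default route to the NAT gateway. With the flag set to false the return trace bounces between TGW-B and the NAT gateway's subnet, which is what a forgotten static route for VPC A's CIDR on TGW-B's route table looks like in practice. The model covers routing only; security groups, NACLs and the peering acceptance step are out of scope.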