I have questions related to the subject "Hub-Spoke (Multi VPC) Egress via Nat Gateway or Nat Instance".
I have Spoke A and Spoke B connected via a Transit Gateway, which is connected to SECVPC.
All the routes of VPC SpokeA and SpokeB are directed to the Transit Gateway, and the Transit Gateway routes 0.0.0.0 to SECVPC.
In SECVPC, I have route 0.0.0.0 to NAT Gateway or NAT Instance [disabled src/dst for NAT Instance]. I am able to send traffic from SECVPC to the internet without issue.
But, SpokeA and SpokeB aren’t able to reach Internet via SECVPC NAT Gateway or NAT Instance.
Any thoughts?
This does sound like it could be a routing issue as mentioned above.
Is this something you are trying to set up in production? If so, I would get in touch with AWS and see if they can review your configuration, or at least look at your design.