The Egress VPC Pattern for Centralised Internet Access

Many VPCs each with their own NAT gateway is wasteful. The egress VPC pattern centralises and saves.

Structure

Dedicated VPC for internet egress. Other VPCs route via Transit Gateway.

Single set of NAT gateways serves all spoke VPCs.

Savings

Fewer NAT gateways: per-AZ baseline cost saved.

Centralised egress filtering: one place to enforce policy.

Trade-offs

Single point of failure: design for redundancy.

Cost of cross-VPC traffic via TGW. Calculate the crossover.