I have a scenario where I have two VPCs, both connected with a TGW. In one of the VPCs (VPC A) I have an IG and a NAT. In this VPC I'm able to use the NAT to reach the internet, so that setup is working fine. In my other VPC (VPC B) I have my private subnet pointing to the TGW for all 0.0.0.0/0 traffic, and in my TGW-RT I have a route for 0.0.0.0/0 pointing to the attachment for VPC A.
Here is where I start to get confused. The attachment is set up with two AZs, so the attachment creates two interfaces, one in each zone, so it can route traffic to all my resources in the VPC. But I am not using the default RT for my VPC; instead I have an RT for my public subnets and another for my private subnets. In the public RT I point 0.0.0.0/0 to the IG, and in the private one I point 0.0.0.0/0 to the NAT. How does the TGW attachment know which RT to use? How can it determine whether to send the traffic to the IG or the NAT? Or are TGW attachments only able to use the default RT?
After some testing I have found that you have to have your TGW attachment set up with a private subnet if you want it to be able to reach the NAT. This may not sound so weird, but the weird thing is that it is not documented well.
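Added example, not part of the original question: a small Python check of the rule the post arrives at. A TGW attachment ENI uses whatever route table is associated with the subnet it was placed in (explicit association, otherwise the VPC main table), so the attachment only egresses through the NAT when its subnets are the private ones; an IGW route in a public subnet does not help because the IGW forwards only sources that have a public IP mapped, which traffic arriving from VPC B does not. All IDs and records below are constructed, shaped like `aws ec2 describe-route-tables` and `describe-transit-gateway-vpc-attachments` output.

```python
# Constructed sample: attachment placed in one private and one public subnet of VPC A.
ATTACHMENT = {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE", "VpcId": "vpc-EXAMPLE",
              "SubnetIds": ["subnet-priv-a", "subnet-pub-b"]}

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    # Main table: no default route at all, so unassociated subnets have no egress.
    {"RouteTableId": "rtb-main", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": False, "SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-EXAMPLE",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
]


def effective_route_table(subnet_id, vpc_id, route_tables):
    """Return the RT a subnet really uses: explicit association wins, else the VPC main RT."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_target(rt):
    """Return (target_kind, target_id) for 0.0.0.0/0, or None if the RT has no default route."""
    for route in rt.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        for key in ("NatGatewayId", "GatewayId", "TransitGatewayId", "NetworkInterfaceId"):
            if key in route:
                return key, route[key]
    return None


def audit_attachment(attachment, route_tables):
    """For each attachment subnet, report its effective RT and whether egress goes via a NAT."""
    result = {}
    for subnet_id in attachment["SubnetIds"]:
        rt = effective_route_table(subnet_id, attachment["VpcId"], route_tables)
        target = default_route_target(rt) if rt else None
        result[subnet_id] = {"route_table": rt["RouteTableId"] if rt else None,
                             "default_route": target,
                             "egress_via_nat": target is not None and target[0] == "NatGatewayId"}
    return result
```

Run against real account data by feeding the JSON from the two CLI calls into `audit_attachment`; any attachment subnet whose `egress_via_nat` is false is one that will not reach the NAT from VPC B.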