The only way to do it today on the AWS side is via allowed prefixes on a DXGW with TGW (not in all Regions yet): https://docs.aws.amazon.com/directconnect/latest/UserGuide/allowed-to-prefixes.html
To give you an idea, a VPC could have 2 CIDR ranges: the primary used for EC2 and the other as the CIDR for containers. You'd only allow (originate) the primary prefix on the DXGW in this case, and the other CIDR would not be advertised.
The customer could of course always just filter out whatever CIDRs they don't want on their end. Fairly trivial, but you'd want to use at least 2 x CIDRs in your VPC to make their life simpler.
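Added example, not part of the answer above and not AWS code: a small standard-library model of the two filtering points the answer describes. The DXGW allowed-prefix list on a TGW association is treated as the outbound filter (only listed prefixes are originated to the BGP peer, so a VPC CIDR that no allowed prefix covers stays hidden), and the customer's inbound prefix filter is modelled as a deny list with default permit. It also flags the caveat that a summarised allowed prefix (e.g. a /8) still exposes a container CIDR you meant to hide. All CIDRs are constructed sample values; the function names are my own.

```python
"""Model of DXGW allowed prefixes (outbound) and a customer-side inbound
prefix filter, using only the standard library. Sample CIDRs are constructed."""
from ipaddress import IPv4Network
from typing import Iterable, List, Tuple


def _nets(cidrs: Iterable[str]) -> List[IPv4Network]:
    # strict=True rejects host-bit garbage such as 10.0.1.0/16, which a real
    # prefix list would not accept either.
    return [IPv4Network(c, strict=True) for c in cidrs]


def covered_by(net: IPv4Network, prefixes: Iterable[IPv4Network]) -> bool:
    """True if net lies inside any of the given prefixes (longest-match style)."""
    return any(net.subnet_of(p) for p in prefixes)


def plan_dxgw_advertisement(vpc_cidrs: Iterable[str],
                            allowed_prefixes: Iterable[str]
                            ) -> Tuple[List[IPv4Network], List[IPv4Network]]:
    """Treat the DXGW/TGW allowed-prefix list as the outbound BGP filter.

    Returns (advertised, not_advertised): the allowed prefixes that are
    originated towards the customer, and the VPC CIDRs that no allowed
    prefix covers and which therefore never reach the BGP peer.
    """
    allowed = _nets(allowed_prefixes)
    vpcs = _nets(vpc_cidrs)
    not_advertised = [v for v in vpcs if not covered_by(v, allowed)]
    return allowed, not_advertised


def leaked_prefixes(allowed_prefixes: Iterable[str],
                    cidrs_to_hide: Iterable[str]) -> List[IPv4Network]:
    """Caveat check: an allowed prefix that overlaps a CIDR you intended to
    hide (a summary /8 covering a /16 container range, or a more specific
    inside it) still makes that range reachable. Returns the exposed CIDRs."""
    allowed = _nets(allowed_prefixes)
    return [h for h in _nets(cidrs_to_hide) if any(h.overlaps(a) for a in allowed)]


def customer_inbound_filter(received_routes: Iterable[str],
                            deny_prefixes: Iterable[str]) -> List[IPv4Network]:
    """Model an inbound prefix filter on the customer router: drop every
    received route that falls inside a denied prefix (like 'deny X le 32'),
    permit everything else."""
    deny = _nets(deny_prefixes)
    return [r for r in _nets(received_routes) if not covered_by(r, deny)]


if __name__ == "__main__":
    # Constructed VPC: primary CIDR for EC2, secondary CIDR for containers.
    vpc = ["10.0.0.0/16", "100.64.0.0/16"]
    advertised, hidden = plan_dxgw_advertisement(vpc, allowed_prefixes=["10.0.0.0/16"])
    print("originated to peer:", [str(n) for n in advertised])
    print("kept off the DX VIF:", [str(n) for n in hidden])

    # A summary route would undo the hiding.
    print("exposed by 10.0.0.0/8 summary:",
          [str(n) for n in leaked_prefixes(["10.0.0.0/8"], ["10.200.0.0/16"])])

    # Customer side: drop anything in the CGNAT block they never want.
    kept = customer_inbound_filter(["10.0.0.0/16", "100.64.0.0/16", "10.1.0.0/16"],
                                   deny_prefixes=["100.64.0.0/10"])
    print("accepted on customer router:", [str(n) for n in kept])
```

The two functions are independent on purpose: the DXGW list decides what AWS originates, the customer filter is the belt-and-braces step the answer mentions, and `leaked_prefixes` is the check to run before committing a summarised allowed prefix.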