Both approaches are valid. A couple of things come to mind:
- Customer A should make sure they have redundancy in Direct Connect connections or at least have a backup path configured via VPN.
- Direct Connect does not auto-scale in terms of bandwidth, so it will be good if they keep the "Acceptance Required" setting on the service so they know how much load may be coming from its customers.
- For Customer B, it should work, as Transit Gateway is just a means to reach the on-premises DC. You get the additional benefit of using ECMP with VPN if you want to scale beyond 1.25Gbps (VGW limit). The idea of redundancy still holds good. Two different transit interfaces to different DX connections should be recommended.
- Using TGW for the use case of accessing Private APIs is overkill, though. If the intent is only to access Private APIs in the on-premises DC, then PrivateLink is a better approach. There is more management overhead with TGW: attaching VPCs, routing, and the like.