Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dkirk
New Contributor

AWS Routing

Is there a good article on how to route AWS traffic thru a specific WAN port? I have replication going to an AWS site and I would like to funnel the traffic thru a specific WAN port. I was thinking it could be done via Application Control, but I would like to make sure before monkeying around with a production environment.

hubertzw
Contributor III

Search 'fortigate static route'

cwb2205
New Contributor

Static route defined by Internet Service would be the easiest way. Can also be done using SD-WAN features as well if you want to get tricky with it.

 

Link to ISDB static route setup.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD44627

NSE 7 ATP3.0
armen23
New Contributor

A directing table moves the traffic inside a VPC that is coming from the door and splits it between subnets. Each VPC has a default course table that is associated with each subnet. Then again, we can make our own course table to characterize the progression of traffic inside VPC. Accordingly, I have made a different course table and afterward I have appended it to the web door with IP 0.0.0.0/0, and afterward I have related two subnets to this independent course table. Thusly, I have made two of my subnets (out of three) to have community, while the third subnet is simply joined to the default course table (still private).

A significant note to have is that each VPC can have one web passage. At the point when I attempted to connect another entryway, the framework didn't permit me to do as such.
As different administrations inside AWS require a security gathering to characterize inbound and outbound traffic, the VPC additionally requires so. Subsequently, I have given HTTP inbound traffic and full outbound traffic. This implies any HTTP demand rolling in from the web passage will be permitted to reach inside the organization, and SSH is likewise permitted. In any case, each sort of result traffic will be permitted toward the web.
At the point when an organization is set up, it is basic to screen any progressions for the sake of security. In this way, we need to set up a log stream that will follow every single movement inside our VPC and send it to the ideal objective. We can either send it to S3 and afterward utilize the information for examination, or we can send it to CloudWatch. I have set up my stream log to be shipped off CloudWatch with a fitting IAM job.
For More information visit: AWS course in Pune

Armen Edvard