I would like to do this system:
But I would also like to access the internet from the private servers, for example, for web crawling or third-party REST API access.
How do I plugin the NAT gateway into this configuration? Do I need one? Where does it connect to?
I did what I could with my GIMP skills:
You could have two route tables:
For public subnet:
For private subnets (two subnets can use same route table):