Aviatrix support many ways to do this.
- Build an SD-WAN POP in a VPC/VNET with SD-WAN virtual appliances, and then northbound you build standards-based IPsec/GRE tunnels + BGP over Public or Private peerings to the Aviatrix transit. The aviatrix transits can be instantiated in any region or any cloud, as many as you want, wherever you want. So you can build a nice architecture where your SD-WAN remote sites terminate at the closest POP to where their cloud apps live.
- You can put the SD-WAN appliances in the same VPC /VNET as aviatrix transit and do IPsec/GRE + BGP OR you can do native BGP with no tunneling for higher throughput.
- You can connect Aviatrix transits via IPsec/GRE + BGP over the internet/MPLS/direct-connect/express route to an on-premise physical SD-WAN appliance.
More details can be found on your Aviatrix Youtube Channel where Dana (SD-WAN Expert) has a lot of videos explaining the design and deploy. You can also send an email to firstname.lastname@example.org