I'm using static routes in AWS Site-to-Site and there is a tab called "Static routes" (see below). My question is, should the CIDR range entered in this tab be my AWS private subnet range, i.e. my AWS private subnet 10.5.0.0/17, or my client's (the network I'm connecting to outside of AWS) CIDR range, i.e. 192.168.0.0/21?

1 Answer
This should be the range for the client side outside of AWS. This is discussed in the Site-to-Site VPN documentation:
If you use a device that supports BGP advertising, you don't specify static routes to the Site-to-Site VPN connection because the device uses BGP to advertise its routes to the virtual private gateway. If you use a device that doesn't support BGP advertising, you must select static routing and enter the routes (IP prefixes) for your network that should be communicated to the virtual private gateway.
Hence, if your customer gateway device uses BGP, you don't need static routes at all - you should use dynamic routes instead as the device will advertise the routes to your VPN. However, if your device does not use BGP, you'll need to specify the static routes to your local network.

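A pre-flight check for the point made in the answer above, as an added example that is not part of the original post: it rejects proposed static routes that are malformed or that fall inside the VPC's own range, and builds the `aws ec2 create-vpn-connection-route` command for the rest. The function names and the `vpn-EXAMPLE` connection ID are placeholders; the CIDRs are the ones from the question plus constructed bad inputs.

```python
import ipaddress


def check_static_routes(vpc_cidr, proposed_routes):
    """Split proposed VPN static routes into (accepted, rejected).

    A static route must describe the network behind the customer gateway,
    so any prefix that is the VPC range or sits inside it is rejected.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    accepted, rejected = [], []
    for raw in proposed_routes:
        try:
            # strict=True refuses prefixes with host bits set (e.g. 192.168.0.1/21)
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            rejected.append((raw, f"invalid CIDR: {exc}"))
            continue
        # subnet_of() only works within one IP version, so guard it
        if net.version == vpc.version and net.subnet_of(vpc):
            rejected.append((raw, f"inside VPC range {vpc}; use the remote network instead"))
            continue
        accepted.append(str(net))
    return accepted, rejected


def route_commands(vpn_connection_id, accepted):
    """Build one AWS CLI command per accepted static route."""
    return [
        "aws ec2 create-vpn-connection-route"
        f" --vpn-connection-id {vpn_connection_id}"
        f" --destination-cidr-block {cidr}"
        for cidr in accepted
    ]


if __name__ == "__main__":
    # Constructed input: the question's two ranges plus two mistakes
    proposed = ["192.168.0.0/21", "10.5.0.0/17", "10.5.64.0/24", "192.168.0.1/21"]
    ok, bad = check_static_routes("10.5.0.0/17", proposed)
    for raw, reason in bad:
        print(f"REJECT {raw}: {reason}")
    for cmd in route_commands("vpn-EXAMPLE", ok):  # placeholder connection ID
        print(cmd)
```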