Thank you for the query!
I understand you have VDOM A, on which the VPN to AWS is terminated, and VDOM B, from which the user initiates traffic to AWS. Please let me know if I misunderstood.
If the above is the case and VDOM A is encrypting your traffic to AWS, you may use an inter-VDOM link and route the traffic between the VDOMs.
For example, your AWS network is 10.1.1.0/24, and the VDOM B network is 10.1.2.0/24.
In VDOM A, you can create two routes:
10.1.1.0/24 pointing to the VPN tunnel
10.1.2.0/24 pointing to the inter-VDOM link to VDOM B
Then create the policies accordingly.
In VDOM B, you may need to create one route:
10.1.2.0/24 pointing to the inter-VDOM link to VDOM A
Create the policies accordingly.
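A worked FortiOS CLI configuration for the inter-VDOM link, routes and policies sketched above, added here as an illustration; it is not part of the original reply. The VDOM names VDOM-A and VDOM-B, the IPsec phase1 interface name "to-aws", the LAN interface "internal" and the link addressing 10.255.255.0/30 are assumptions; the two subnets are the ones from the reply. In VDOM B the static route carries the AWS prefix 10.1.1.0/24 toward the link, because that is the destination its users need to reach, and the policies on both sides are scoped to the two subnets with NAT off so the original 10.1.2.0/24 source survives into the tunnel. Lines starting with # are annotations, not CLI input.

```fortios
# Added example, not from the original reply. Assumed names: VDOM-A, VDOM-B,
# IPsec interface "to-aws" (VDOM-A), LAN interface "internal" (VDOM-B),
# link addresses 10.255.255.1 and 10.255.255.2 on an assumed 10.255.255.0/30.
config global
    config system vdom-link
        edit "vlink"
            set type ethernet
        next
    end
    # creating "vlink" yields interfaces vlink0 and vlink1; one per VDOM
    config system interface
        edit "vlink0"
            set vdom "VDOM-A"
            set ip 10.255.255.1 255.255.255.252
        next
        edit "vlink1"
            set vdom "VDOM-B"
            set ip 10.255.255.2 255.255.255.252
        next
    end
end

config vdom
    edit "VDOM-A"
        config firewall address
            edit "AWS_NET"
                set subnet 10.1.1.0 255.255.255.0
            next
            edit "VDOMB_NET"
                set subnet 10.1.2.0 255.255.255.0
            next
        end
        config router static
            # AWS prefix into the tunnel; VDOM B prefix back over the link
            edit 1
                set dst 10.1.1.0 255.255.255.0
                set device "to-aws"
            next
            edit 2
                set dst 10.1.2.0 255.255.255.0
                set device "vlink0"
                set gateway 10.255.255.2
            next
        end
        config firewall policy
            edit 1
                set name "VDOMB-to-AWS"
                set srcintf "vlink0"
                set dstintf "to-aws"
                set srcaddr "VDOMB_NET"
                set dstaddr "AWS_NET"
                set action accept
                set schedule "always"
                set service "ALL"
                set logtraffic all
                set nat disable
            next
        end
    next
    edit "VDOM-B"
        # address objects are per-VDOM, so they are defined again here
        config firewall address
            edit "AWS_NET"
                set subnet 10.1.1.0 255.255.255.0
            next
            edit "VDOMB_NET"
                set subnet 10.1.2.0 255.255.255.0
            next
        end
        config router static
            # the AWS prefix is reached through VDOM A over the link
            edit 1
                set dst 10.1.1.0 255.255.255.0
                set device "vlink1"
                set gateway 10.255.255.1
            next
        end
        config firewall policy
            edit 1
                set name "LAN-to-AWS"
                set srcintf "internal"
                set dstintf "vlink1"
                set srcaddr "VDOMB_NET"
                set dstaddr "AWS_NET"
                set action accept
                set schedule "always"
                set service "ALL"
                set logtraffic all
                set nat disable
            next
        end
    next
end
```

Two checks worth doing after applying this: the tunnel's phase2 selectors, and the AWS side's routes, must include 10.1.2.0/24 (not only VDOM A's own subnets), otherwise packets leave VDOM A but are dropped at the selector; and `get router info routing-table all` in each VDOM should show 10.1.1.0/24 via vlink1 in VDOM B and via "to-aws" in VDOM A. `diagnose sniffer packet vlink0 'host 10.1.1.10' 4` in VDOM A confirms traffic is arriving over the link with its original 10.1.2.0/24 source. Narrow "ALL" to the services actually used once the path works; a return-direction policy (AWS to VDOM B) is only needed if AWS initiates sessions.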