Design for Exposing Private Subnet Database securely via AWS Private Link

Naresh Waswani
5 min read · Jun 29, 2020

Many enterprises are planning to migrate their workloads to the AWS Cloud. They want to move fast by executing a Lift and Shift with Tinker migration pattern (the reasons for choosing this pattern are out of scope here), but they typically face the challenge captured below:

Application 1 is owned by one Delivery Unit and Application 2 by another, but Application 2 also reads directly from the database of Application 1. This is a typical data-sharing pattern in enterprises. Given this coupling, how can one perform the migration, assuming there is no time to refactor Application 2?

Migration Constraints — Here are the constraints that need to be understood:

  1. Each application is to be hosted in its own Virtual Private Cloud (VPC), in a different AWS account.
  2. The database cannot be exposed over the Internet.
  3. Once moved to AWS, the database of Application 1 will also be shared with other applications (already running in AWS), and the CIDR ranges of those VPCs may overlap with each other and with the database VPC — this point is important.

Some of the options that would have been possible if the constraints could be ignored:

  1. Expose the database over the Internet and then restrict access with a combination of Security Groups and NACLs.
  2. Use VPC Peering and…
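Constraint 3 (overlapping CIDRs) is what rules out VPC Peering for some consumers: AWS will not create a peering connection between two VPCs whose CIDR blocks overlap, and even where each consumer is peerable on its own, the database VPC's route table can hold only one route per destination CIDR, so two peered consumers must not overlap each other either. A PrivateLink interface endpoint lives inside the consumer VPC's own address space, so none of these overlaps matter. The following helper is an added example, not code from the article; it takes the database (provider) VPC CIDRs and a set of consumer VPCs with constructed, hypothetical names and ranges, and reports which consumers could still use peering and which need PrivateLink.

```python
"""Classify consumer VPCs as peerable or PrivateLink-required.

Added example (not from the article). Rules encoded here:
  * VPC Peering is rejected by AWS when the two VPCs' CIDR blocks overlap.
  * A route table cannot hold two routes to the same destination CIDR, so
    two consumers that overlap each other cannot both be peered into the
    provider VPC (first accepted consumer wins, in input order).
  * AWS PrivateLink places an interface endpoint (ENI) inside the consumer
    VPC, so provider/consumer address overlap is irrelevant for it.
"""
from ipaddress import ip_network
from typing import Dict, List

# Constructed sample data (hypothetical VPC names and ranges).
PROVIDER_VPC_CIDRS = ["10.0.0.0/16"]          # VPC hosting the Application 1 database
CONSUMER_VPC_CIDRS = {
    "app2-vpc": ["10.0.0.0/16"],               # same range as the provider
    "app3-vpc": ["10.1.0.0/16"],               # disjoint from provider
    "app4-vpc": ["172.16.0.0/16"],             # disjoint from everything
    "app5-vpc": ["10.1.128.0/17"],             # inside app3's range
}


def cidrs_overlap(a: str, b: str) -> bool:
    """True when the two CIDR blocks share at least one address."""
    return ip_network(a, strict=False).overlaps(ip_network(b, strict=False))


def any_overlap(cidrs_a: List[str], cidrs_b: List[str]) -> bool:
    """True when any block in cidrs_a overlaps any block in cidrs_b."""
    return any(cidrs_overlap(a, b) for a in cidrs_a for b in cidrs_b)


def classify_consumers(provider_cidrs: List[str],
                       consumers: Dict[str, List[str]]) -> Dict[str, str]:
    """Map each consumer VPC name to 'peering-possible' or a
    'privatelink-required: <reason>' string."""
    status: Dict[str, str] = {}
    # Pass 1: a consumer overlapping the provider can never be peered.
    for name, cidrs in consumers.items():
        if any_overlap(provider_cidrs, cidrs):
            status[name] = "privatelink-required: overlaps provider VPC"
        else:
            status[name] = "peering-possible"
    # Pass 2: among the remaining candidates, peered consumers must not
    # overlap each other, or the provider route table would conflict.
    accepted: List[str] = []
    for name in [n for n, s in status.items() if s == "peering-possible"]:
        clash = next((a for a in accepted
                      if any_overlap(consumers[a], consumers[name])), None)
        if clash is None:
            accepted.append(name)
        else:
            status[name] = f"privatelink-required: overlaps peered consumer {clash}"
    return status


if __name__ == "__main__":
    for vpc, verdict in classify_consumers(PROVIDER_VPC_CIDRS, CONSUMER_VPC_CIDRS).items():
        print(f"{vpc:10s} {verdict}")
```

Run as a script it prints one line per consumer; the two `privatelink-required` verdicts for the sample data are exactly the cases where a peering-based design would have failed at connection creation or at route-table time.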
