How to update federated gateway within VPC?

Hi all! I’ve been struggling to put together a decent setup on AWS for federated GraphQL. At this point, I have something like this:

public API Gateway -> containerized Apollo Gateway -> private API Gateway -> containerized Apollo Server.

I don’t think this is a particularly “exotic” setup or anything, but I’m a bit unsure as to how I should actually update the supergraph / Apollo Gateway when things are in a private gateway / VPC. I like the idea of having a Lambda function that is responsible for updating the schema, i.e. a central point where the schemas are fetched from within the VPC and then updated in Apollo Federated Gateway… but I’m not really sure if this is possible, or if there is some super simple thing I’m not realizing.

In the past, I’ve simply used the rover command to do this through our build pipeline (e.g. CircleCI or GitHub Actions), but again now everything is inside a VPC and I’d love a more programmatic, central place where I can simply execute a function or something to make sure all graphs are updated.

Any patterns for this?