Forge load balanced application with single outbound IP?

I have an application on Forge/AWS. It is made up of a LB (setup in Forge), a few app servers (EC2s), and a handful of additional (EC2s) dedicated to running queue workers.

Everything works fine but I would like to have these boxes make outbound HTTP/LDAP calls to the internet over a single IP address (making it easier for my users to whitelist my servers on their firewalls) instead of whichever app server/worker server is tasked with the request.

I believe I need to create a NAT Gateway in AWS, assign an elastic IP to it, then make an outbound rule for my app servers/worker servers to use that NAT Gateway. That would force every request to come from that single IP. Does that sound correct?

Will this change how I connect to RDS or Redis servers as well?

Is there anything I should know before hand when it comes to doing this with Forge? Any guidance or suggestions would be great.

Thanks!