You're describing ELM, which requires an external PSC, unless there's a new tool with 6.7 that I'm forgetting. I would suggest joining your VMC on AWS with the onsite SSO domain in Hybrid Linked Mode. You might also look into the vCenter Cloud Gateway.
HLM is for connecting vCenters in different domains (VMC vCenter and on-prem vCenter). But HLM is one-directional: you can manage the on-prem vCenter through the VMC vCenter only.
vCenter Cloud Gateway is a VM deployed on-prem and provides you the ability to manage the VMC vCenter from the on-prem vCenter (reverse of HLM).