Hi There!
So there are a couple of points to this. You can absolutely utilise SD-WAN for your intra-site traffic. Best design depends on traffic flows. Within AutoVPN (meraki site-to-site VPN) you can utilise a hub and spoke full mesh topology - just depends on if you need traffic routing between all of your sites.
For the vMX, however it is only supported on AWS and Azure at this time. You could use a 'non-meraki vpn' (traditional IPSEC) from each brach MX to worldposta. This configuration is very easily done as you configure it at a 'global' level within your site-to-site VPN configuration.
HTH
Tom
Technical Solutions Architect, Meraki
CCIE #67185