This is an unordered set of answers:
The problem I'm having is that it does allow for Static Routing. I'm just not sure how to set that up properly (e.g. what's the destination IP, what's the subnet mask, and gateways?).
Within a route, the destination IP + mask (or IP/prefixlength) defines what you want to reach, a specific address or a range. The gateway defines how you'll reach it, i.e. the "next hop" to pass the packet to.
Your router will have a page somewhere showing all active routes (static and dynamic). Among them you'll see a route for 0.0.0.0/0 (mask 0.0.0.0), also known as a "default" route because it matches any address. That's the route your router normally uses for Internet access, and its gateway/nexthop will be some router address belonging to your ISP.
Starting a VPN connection will add more routes – when the VPN is meant for Internet access, it will add a second 0.0.0.0/0 route, but this time with a VPN server's address as the gateway (or no address at all, just an interface name).
If the same packet matches multiple routes, the route with longest prefix (or most '1' bits in the netmask) will have the highest priority. (For example, a mask=255.255.255.0 route will take priority over a mask=0.0.0.0 route.) If there are multiple routes with identical destination+mask, priority is set using the "metric" parameter.
So while the VPN is active, you have two 'default' routes for 0.0.0.0/0, but the VPN route has higher priority (lower metric), so that all Internet access will go through the VPN. To override it for a specific destination, you'd add a new route with that destination, copying the gateway parameters from your ISP's main default route.
Specifically, I wanted to tell the router that all my devices except gaming consoles should connect through the VPN. I was told this isn't possible.
It's indeed impossible with regular IPv4 routing.
(Although on Linux it would be possible with regular IPv6 routing, as IPv6 routes can match also on source, not just destination. Unfortunately that's not implemented for IPv4, and in any case you won't find it in TP-Link's configuration screens anyway.)
However, it's possible with the "policy routing" feature that was mentioned by @dirkt. Policy routing inserts an additional step before regular routing – it lets you create several independent routing tables and define rules when to use which table.
For example, you could define that packets from your gaming console will use table 1 (with regular ISP's default route in it), and packets from other devices will use table 2 (with the VPN's default route in it).
Amazon publishes a list of their IP ranges, but there's over 1000 of them. If static routing is indeed the answer, do I need to add a case for all the published IPs?
With standard routing, yes, you would need to list all destinations.
Policy routing changes the situation, as it lets the device make routing decisions based on other parameters, such as source address, or the protocol/port in use.
route
command?