I did a lot of shoveling to create a custom VPC and run ElasticBeanstalk EC2 instances in a private subnet.
Make a note of it to avoid future mistakes.
com.amazonaws.{region}.elasticbeanstalk
com.amazonaws.{region}.elasticbeanstalk-health
(if using Enhanced Log)com.amazonaws.{region}.cloudformation
com.amazonaws.{region}.ecr.api
(if using ECR)com.amazonaws.{region}.ecr.dkr
(if using ECR)com.amazonaws.{region}.logs
(CloudWatch)com.amazonaws.{region}.s3
(both Gateway / Interface)com.amazonaws.{region}.sqs
Private DNS
settings must be checked. (Excluding S3 Interface)