I did a lot of shoveling to create a custom VPC and run ElasticBeanstalk EC2 instances in a private subnet.
Make a note of it to avoid future mistakes.
com.amazonaws.{region}.elasticbeanstalkcom.amazonaws.{region}.elasticbeanstalk-health (if using Enhanced Log)com.amazonaws.{region}.cloudformationcom.amazonaws.{region}.ecr.api (if using ECR)com.amazonaws.{region}.ecr.dkr (if using ECR)com.amazonaws.{region}.logs (CloudWatch)com.amazonaws.{region}.s3 (both Gateway / Interface)com.amazonaws.{region}.sqsPrivate DNS settings must be checked. (Excluding S3 Interface)