EC2 Image Builder not working in the private subnet

Hi, I happened to see someone in our organisation contact AWS support about this very thing a few days ago. In summary, the outcome is that outbound internet access is required so your subnet needs NAT Gateway access for example. Here's part of the response from Support:

I reviewed ... and was able to obtain the entire error which is broken down below: "reason": "SSM execution 'xxx' failed for image arn: 'arn:aws:imagebuilder:xxx' with status = 'Failed' in state = 'BUILDING' and failure message = 'failed to download the EC2 Image Builder Component 'arn:aws:imagebuilder:xxx:component/aws-cli-version-2-linux/1.0.3/1'. Error - operation error imagebuilder: GetComponent, exceeded maximum number of attempts, 3, https response error StatusCode: 0, RequestID: , request send failed, Get "https://imagebuilder.ap-southeast-2.amazonaws.com/GetComponent?componentBuildVersionArn=arn%3Aaws%3Aimagebuilder%3Axxx%3Acomponent%2Faws-cli-version-2-linux%2F1.0.3%2F1": dial tcp 52.63.252.130:443: i/o timeout'" ...

From the output we can see that it failed to connect to the IP 52.63.252.130 TCP port 443 (https). We can rule out a DNS issue based on the above output but not necessarily a connectivity issue.

From the infrastructure configuration, I can see that the ... instance ... will fail when trying to connect to resources on the public internet.