How to invoke a private REST API (created with AWS Gateway) endpoint from an EventBusRule?

I have setup the following workflow:

• private REST API with sources /POST/event and /POST/process
• a VPCLink to an NLB (which points to an ALB pointing to a microservice running on EKS)
• a VPC endpoint with DNS name vpce-<id>-<id>.execute-api.eu-central-1.vpce.amazonaws.com with Private DNS enabled
• an EventBridge EventBus with a rule that has two targets: 1 API Destination for debugging/testing and 1 AWS Service which points to my private REST Api on the source /POST/process
• all required Resource Policies and Roles
• all resources are defined within the same AWS Account

The designed worflow is as follows:

• invoke POST/event on the VPC endpoint (any other invocation is prohibited by the Resource Policy) with an event payload
• the API puts the event payload to the EventBus
• the EventBusRule is triggered and sends the event payload to the POST/process endpoint on the private REST API
• the POST/process endpoint proxies the payload to a microservice running on EKS (via VPCLink > NLB > ALB> k8s Service)

What does work so far:

• invoking POST/event on the VPC endpoint
• putting the event payload to the EventBus
• forwarding the event payload to the API Destination set up for testing/debugging (it's a temporary endpoint on https://webhook.site)
• testing the POST/event and POST/process integration in the AWS Console (the latter is verified by checking that the event payload reaches the microservice on EKS successfully)

That is all single steps in the workflow seem to work, and all permissions seem to be set properly.

**Whad does not work **is invoking the POST/process endpoint from the EventBusRule, i.e. invoking POST/event does not invoke POST/process via the EventBus, although the EventBusRule was triggered.

So my question is: How to invoke a private REST API endpoint from an EventBusRule?

What I have already tried:

• change the order of the EventBusRule targets
• create a Route 53 record pointing to the VPC endpoint and treat it as an (external) API Destination
• allow access from anywhere by anyone to the REST API (temporarily only, of course)

Remark on the design: I create two endpoints (one for receiving an event, one for processing it) with an EventBus in between because

• I have to expect a delay of several minutes between the Event Creation/Notification and the successful Event Processing
• I expect several hundred event sources, which are different AWS and Azure accounts
• I want to keep track of all events that reach our API and of their successful processing in one central EventBus and not inside each AWS account where the event stems from
• I want to keep track each failed event processing in the same central EventBus with only one central DeadLetterQueue