EC2 instance in private subnet can send outbound traffic without NAT gateway

0

Hi Team,

Could you please let me know if an EC2 instance in a private subnet can send outbound traffic without a NAT gateway?

Regards, Rajesh B

3 Answers
0

For private subnets, access to the public Internet requires a NAT gateway or NAT instance.
Other outbound traffic (e.g., communications within a VPC) can communicate without a NAT gateway.
Access to AWS services (e.g. S3) requires a VPC endpoint or NAT gateway.

Expert
answered a year ago
0

You can use a NAT instance; see the difference between the two solutions:

NAT Gateway Vs NAT Instance:

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

You can also deploy Squid Proxy for internet outgoing access control.

Reference: https://aws.amazon.com/es/blogs/security/how-to-set-up-an-outbound-vpc-proxy-with-domain-whitelisting-and-content-filtering/

AWS
Expert
answered a year ago
0

It depends what you mean by "outbound". Previous answers have covered IPv4 traffic going directly from your subnet to the general internet or to AWS services. Also IPv6 traffic may use an egress-only IPv6 gateway to reach the internet from a private subnet. And outbound traffic could go via direct-connect or site-to-site VPN to go through an on-prem proxy on the way to the internet or just to reach on-prem servers.

Expert
answered a year ago
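The outbound paths named in the answers above can be read off a subnet's route table. The following is an added example, not part of the original thread: it classifies each route by its target, using the field names of the EC2 DescribeRouteTables response. The sample table and all IDs in it are constructed placeholders.

```python
# Added example. Route dicts use the field names of the EC2
# DescribeRouteTables response; all IDs below are constructed placeholders.

def classify_route(route):
    """Return (destination, outbound path) for one route-table entry."""
    dest = (route.get("DestinationCidrBlock")
            or route.get("DestinationIpv6CidrBlock")
            or route.get("DestinationPrefixListId"))
    gw = route.get("GatewayId", "")
    if gw == "local":
        path = "intra-VPC, no NAT needed"
    elif route.get("NatGatewayId"):
        path = "NAT gateway"
    elif route.get("InstanceId"):
        path = "instance (NAT instance or proxy)"
    elif route.get("EgressOnlyInternetGatewayId"):
        path = "egress-only internet gateway (IPv6)"
    elif gw.startswith("vpce-"):
        path = "gateway VPC endpoint (AWS service)"
    elif gw.startswith("vgw-"):
        path = "virtual private gateway (VPN or Direct Connect)"
    elif gw.startswith("igw-"):
        path = "internet gateway (subnet is public, not private)"
    else:
        path = "other target, review manually"
    return dest, path

def egress_paths(routes):
    """Map destination -> path, skipping blackholed routes."""
    return dict(classify_route(r) for r in routes
                if r.get("State", "active") == "active")

def default_route_paths(routes):
    """Only the default routes: where traffic with no more specific route leaves."""
    return {d: p for d, p in egress_paths(routes).items()
            if d in ("0.0.0.0/0", "::/0")}

# Constructed route table for a private subnet.
SAMPLE_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
    {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0example", "State": "active"},
    {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example", "State": "active"},
    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example", "State": "active"},
]

if __name__ == "__main__":
    for dest, path in egress_paths(SAMPLE_ROUTES).items():
        print(f"{dest:18} -> {path}")
```

Interface VPC endpoints do not appear in route tables, so they are outside what this check sees.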
