I setup and am using a NAT Gateway per these instructions:
AWS Lambda: How to setup a NAT gateway for a lambda function with VPC access
The Lambda functions using the private subnet with the NAT Gateway now seem to be able to access the Internet. So that's good.
However, I launched an EC2 micro-instance with a public IP address into the private subnet, and I cannot connect to it via SSH. There is some reference to this issue in the question I linked aboved, namely that it is technically a misconfiguration, but I was hoping someone could explain in detail why this is the case and why the EC2 instance is inaccessible.