[jhinds]

We've been using the Session Manager with instances in private subnets without issue, works like a charm.

[bogomipz]

Is there anything special that needs to be configured to get this to work on private subnets?

Currently I have an EKS cluster accessible only on private subnets. It would be wonderful to to be able to access this without OpenVPN in the mix.

[exidy]

The instances establish an outbound connection to the API SSM API, so as long as they can hit that, Session Manager will work.

Connectivity from a private subnet to the AWS API could be (a) NAT gateway (b) HTTP proxy (c) PrivateLink VPC endpoint.