As mentioned in the footnote, this can be done by using PrivateLink; it costs a few bucks too, but it is the way to go if your VPC does not (or must not, for Complianceā¢ reasons) have internet connectivity.
If your target VPC has neither PrivateLink nor public IPv4 connectivity somewhere, I'm not sure how that would work; I'd love to learn how that was built.
Yeah, sure, we use PrivateLink. In my opinion, it's clickbait to say "almost no AWS API can be used from a VPC without public IPv4 addresses" with a footnote "actually most can if you use the service that enables that".
If your target VPC has neither PrivateLink nor public IPv4 connectivity somewhere, I'm not sure how that would work; I'd love to learn how that was built.