Register EC2 instance to ECS cluster without public ip
I guess I've found the answer on the AWS documentation and it seems I need to use a NAT instance/Gateway :(
Another source and also the official documentation:
"...Container instances need external network access to communicate with the Amazon ECS service endpoint, so if your container instances are running in a private VPC, they need a network address translation (NAT) instance to provide this access. For more information, see NAT Instances in the Amazon VPC User Guide."
PrivateLink is now available for both ECS and ECR.
With PrivateLink you can register and operate your EC2 instances and Fargate tasks in an ECS cluster without a public IP, and can also pull images from ECR.
Endpoints required:

For ECS:
  EC2 launch type:
    com.amazonaws.region.ecs-agent
    com.amazonaws.region.ecs-telemetry
    com.amazonaws.region.ecs
  Fargate launch type:
    Just needs the ECR and CloudWatch endpoints (mentioned below)

For ECR:
  EC2 launch type:
    com.amazonaws.region.ecr.dkr
    com.amazonaws.region.ecr.api
    com.amazonaws.region.s3 (S3 gateway endpoint)
  Fargate launch type:
    com.amazonaws.region.ecr.dkr
    com.amazonaws.region.s3 (S3 gateway endpoint)

Additionally, if you use the awslogs driver, you have to add the CloudWatch Logs endpoint as well:
    com.amazonaws.region.logs
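A small check that turns the endpoint list above into something you can run against a VPC, added here as an example and not part of the answer or of any AWS tooling. It builds the set of service names the answer lists for a launch type, diffs it against the endpoints already present (the sample list is constructed; in practice it would come from `aws ec2 describe-vpc-endpoints --query 'VpcEndpoints[].ServiceName'`), and prints the `aws ec2 create-vpc-endpoint` commands for the gaps. The region, VPC, subnet, security-group and route-table IDs are placeholders. Two details that bite in practice are encoded in the generated commands: S3 is a gateway endpoint and is attached to the private route tables, not to subnets, while the interface endpoints need private DNS enabled (so the agent's normal service hostnames resolve inside the VPC) and a security group that allows inbound 443 from the container instances.

```python
"""Check which VPC endpoints a private-subnet ECS cluster is still missing.

Added example, not part of the original answer. The endpoint lists follow the
answer above; all IDs and the region are constructed placeholders.
"""

# Service-name suffixes from the answer above; the region is substituted at call time.
ECS_EC2 = ("ecs-agent", "ecs-telemetry", "ecs")
ECR_EC2 = ("ecr.dkr", "ecr.api", "s3")
ECR_FARGATE = ("ecr.dkr", "s3")
# S3 is a gateway endpoint: it attaches to route tables, not to subnets.
GATEWAY_SERVICES = {"s3"}


def required_endpoints(region, launch_type, awslogs=False):
    """Return the set of VPC endpoint service names listed for the launch type."""
    if launch_type == "EC2":
        suffixes = set(ECS_EC2) | set(ECR_EC2)
    elif launch_type == "FARGATE":
        suffixes = set(ECR_FARGATE)
    else:
        raise ValueError(f"unknown launch type: {launch_type!r}")
    if awslogs:  # awslogs driver needs the CloudWatch Logs endpoint too
        suffixes.add("logs")
    return {f"com.amazonaws.{region}.{s}" for s in suffixes}


def missing_endpoints(required, existing):
    """Diff the required set against service names already present in the VPC."""
    return sorted(required - set(existing))


def create_commands(missing, vpc_id, subnet_ids, sg_id, route_table_ids):
    """Build one 'aws ec2 create-vpc-endpoint' command per missing endpoint.

    Interface endpoints go into the private subnets with a security group that
    must allow inbound 443 from the container instances, and private DNS is
    enabled so the agent resolves the normal service hostnames to the endpoint.
    Gateway endpoints (S3) are attached to the private route tables instead.
    """
    cmds = []
    for service in missing:
        suffix = service.split(".", 3)[3]  # 'com.amazonaws.<region>.<suffix>'
        if suffix in GATEWAY_SERVICES:
            cmds.append(
                f"aws ec2 create-vpc-endpoint --vpc-id {vpc_id} --service-name {service} "
                f"--vpc-endpoint-type Gateway --route-table-ids {' '.join(route_table_ids)}"
            )
        else:
            cmds.append(
                f"aws ec2 create-vpc-endpoint --vpc-id {vpc_id} --service-name {service} "
                f"--vpc-endpoint-type Interface --subnet-ids {' '.join(subnet_ids)} "
                f"--security-group-ids {sg_id} --private-dns-enabled"
            )
    return cmds


if __name__ == "__main__":
    # Constructed sample: a VPC that so far has only the S3 gateway and ECR API endpoints.
    existing = ["com.amazonaws.us-east-1.s3", "com.amazonaws.us-east-1.ecr.api"]
    need = required_endpoints("us-east-1", "EC2", awslogs=True)
    gaps = missing_endpoints(need, existing)
    for line in create_commands(
        gaps,
        vpc_id="vpc-0123456789abcdef0",          # placeholder
        subnet_ids=["subnet-0aaaaaaaaaaaaaaaa"],  # placeholder private subnet
        sg_id="sg-0bbbbbbbbbbbbbbbb",             # placeholder SG allowing 443 from instances
        route_table_ids=["rtb-0cccccccccccccccc"],  # placeholder private route table
    ):
        print(line)
```

Run it as-is to see the five commands the sample VPC still needs; swap the `existing` list for the real `describe-vpc-endpoints` output to check a live VPC.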