I think you'll find you can solve this via ssh config. Specifically using ProxyCommand -- in the case of Ansible anyway. You can then ssh reference an internal address.
I was asking less about VPCs in general, more the use of the VPN->VPC or Bastion approach to bridge into that network.
I was asking less about VPCs in general, more the use of the VPN->VPC or Bastion approach to bridge into that network.