>Unfortunately, AWS doesn’t provide API endpoints for most services inside VPCs; they have public addresses

S3 VPC endpoints are supported from 2015; KMS endpoint has been added in Jan 2018.
Full list is here:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

>The problem, though, was that we had no easy and user-friendly way to connect developers to the VPC

Now we have quite easy and friendly way to connect developers to VPC using standard OpenVPN client:
https://aws.amazon.com/ru/blogs/networking-and-content-delivery/introducing-aws-client-vpn-to-securely-access-aws-and-on-premises-resources/
So no more reason to discard RDS option any more ;)