Connect External Public IP to Private VPC on AWS

0

Having a private AWS VPC and wanting to connect a public external IP to it.

Taking into consideration configuring the following:

  • VPC CIDR block
  • Routing Table
  • ACL
  • Security Group
  • and using IAM policy to specify the IP as well.

Tried to configure these steps but with no luck, and couldn't ping from inside the EC2 instance.

1 Answer
1
Accepted Answer

You're missing an Internet Gateway (IGW) from your list. You should have resources with public IPs (such as load balancers, NAT gateways, and possibly EC2 instances, although not generally advisable) in a "public subnet," with its default route pointing to the IGW.

EC2 instances should normally reside in a "private subnet," whose IPv4 default route would point to a NAT gateway residing in a public subnet, and if you're using IPv6, the IPv6 default route would point to an egress-only internet gateway. These mechanisms allow your EC2 instances or other compute resources to establish outbound connections to the internet, but not to receive inbound connections from the internet.

If you also need inbound access from the internet, the recommended way to do that is to place an Application Load Balancer (ALB) for HTTP/HTTPS or a Network Load Balancer (NLB) for non-HTTP(S) traffic in one or more public subnets. The ALB/NLB would have public IP addresses for receiving connections from the internet. The ALB/NLB would then relay the connections to your private subnets and the compute resources there, such as EC2 instances.

There's more detailed discussion and a nice block diagram in this documentation article: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-private-subnets-nat.html

If you absolutely want to place an EC2 instance directly on the internet, you would do that by placing the EC2 instance in one of your public subnets, with the subnet's route table containing a default route pointing directly to the IGW. If you give your EC2 instance a public IP, this will make it reachable from the internet, as long as the traffic is permitted by the security groups attached to the network interface and not blocked by the network ACL (NACL) of your public subnet: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-example-dev-test.html

EXPERT
Leo K
answered 21 days ago
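The checklist in the accepted answer (IGW default route, public IP on the instance, security group rule, NACL inbound rule plus the stateless return-traffic rule) can be turned into a reachability check over the output of `aws ec2 describe-route-tables`, `describe-security-groups` and `describe-network-acls`. The following is an added example, not code from the answer or from AWS; the dictionaries only mimic the shape of those CLI responses, and every ID, CIDR and address in them is constructed sample data. Only TCP is modelled.

```python
import ipaddress

def subnet_is_public(route_tables, subnet_id):
    """Public subnet = its route table (or the VPC main table when the subnet
    has no explicit association) sends 0.0.0.0/0 to an internet gateway."""
    table = main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main = rt
            if assoc.get("SubnetId") == subnet_id:
                table = rt
    table = table or main
    if table is None:
        return False
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and str(r.get("GatewayId", "")).startswith("igw-")
               for r in table["Routes"])

def sg_allows_inbound(security_groups, port, src):
    """Security groups are stateful and allow-only: any matching rule wins."""
    src_ip = ipaddress.ip_address(src)
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            if proto == "tcp" and not (perm["FromPort"] <= port <= perm["ToPort"]):
                continue
            if any(src_ip in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
                return True
    return False

def nacl_allows(nacl, egress, port, addr):
    """NACLs are stateless and ordered: the lowest-numbered matching rule
    decides, and the implicit final '*' rule denies everything else."""
    ip = ipaddress.ip_address(addr)
    entries = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if ip not in ipaddress.ip_network(e["CidrBlock"]) or e["Protocol"] not in ("6", "-1"):
            continue
        pr = e.get("PortRange")
        if e["Protocol"] == "6" and pr and not (pr["From"] <= port <= pr["To"]):
            continue
        return e["RuleAction"] == "allow"
    return False

def internet_reachable(instance, route_tables, security_groups, nacl, port, src="203.0.113.10"):
    """Return (reachable, reasons) for a TCP connection from src to the instance's port."""
    reasons = []
    if not subnet_is_public(route_tables, instance["SubnetId"]):
        reasons.append("subnet route table has no 0.0.0.0/0 -> igw-* route")
    if not instance.get("PublicIpAddress"):
        reasons.append("instance has no public IPv4 address")
    if not sg_allows_inbound(security_groups, port, src):
        reasons.append(f"no security group rule allows tcp/{port} from {src}")
    if not nacl_allows(nacl, False, port, src):
        reasons.append(f"NACL inbound denies tcp/{port} from {src}")
    if not nacl_allows(nacl, True, 40000, src):  # stateless: replies go to the client's ephemeral port
        reasons.append("NACL outbound denies ephemeral-port replies to the client")
    return (not reasons, reasons)

# Constructed sample data shaped like the describe-* responses (all IDs are placeholders).
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123"}]},
]
SG_HTTPS = [{"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
NACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": True,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
]}
PUBLIC_EC2 = {"SubnetId": "subnet-public", "PublicIpAddress": "198.51.100.7"}
PRIVATE_EC2 = {"SubnetId": "subnet-private"}

if __name__ == "__main__":
    for name, inst in (("public", PUBLIC_EC2), ("private", PRIVATE_EC2)):
        ok, why = internet_reachable(inst, ROUTE_TABLES, SG_HTTPS, NACL, 443)
        print(name, "reachable" if ok else "NOT reachable", why)
```

Run against real output by loading the JSON of the three CLI calls into the same dictionaries. The private instance in the sample fails on exactly the two points the answer makes (no IGW route, no public IP) while its security group and NACL would have allowed the traffic, which is the situation the question describes; the outbound NACL check on an ephemeral port is the part people most often forget when a NACL is in play.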