The EC2 instance in question is in private subnet, and does not have Internet access enabled through NAT by design. Currently, my Lambda is in a public subnet connected to the same VPC.
When I try to invoke Lambda, I receive Connection to lambda.us-east-1.amazonaws.com timed out.
Amazon EC2 instances cannot "access a Lambda function", but they can certainly call the AWS Lambda API to invoke a Lambda function.
However, the API endpoints for AWS services all reside on the Internet. Therefore, calling an API requires access to the Internet. (Two exceptions to this are currently Amazon S3 and Amazon DynamoDB, which can use a VPC Endpoint to access the API endpoints.)
Therefore, to invoke the Lambda function from an Amazon EC2 instance in a private subnet, you will need a NAT Gateway and a private route table configured to send Internet-bound traffic to the NAT Gateway.
The fact that the Lambda function is connected to your public subnet is irrelevant for invoking a Lambda function. It simply means that the Lambda function, when running, can access resources within the VPC. (In fact, Lambda functions are normally connected to private subnets rather than public subnets, since they can only access the Internet if their traffic is routed through a NAT Gateway.)
When you try to invoke the Lambda function it doesn't matter where the Lambda function is at all. That's because you aren't connecting directly to the Lambda function when you are invoking it. You are connecting to the AWS API to invoke the Lambda function. The only way you would be able to do this from an EC2 instance in a private subnet would be through a NAT Gateway.
