My goal is to create an EC2 instance in a private subnet on a VPC that I will be able to ping from external internet.
So far, I have:
When I try to ping the Elastic IP address, the pings time out.
What do I need to be able to do to ping the EC2 instance on the private subnet?
Your Amazon EC2 instance is in a private subnet. Therefore, it cannot be reached from the Internet. This is good! That is why private subnets exist.
Therefore, you correctly cannot ping the private instance from the Internet.
In fact, when you ping the Elastic IP address associated with the NAT Gateway, you are actually pinging the NAT Gateway, not the instance. The NAT Gateway is either rejecting the requests or has a security group that does not permit inbound ICMP requests.
The NAT Gateway allows outbound communication from resources in a private subnet to the Internet. It does not forward inbound requests. This is per design.
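An added example, not part of the question or the answer above: an offline model of the topology described in the question that applies the rules the answer relies on (an Elastic IP on a NAT Gateway only addresses the NAT Gateway; an instance answers from the Internet only when its subnet's default route points at an Internet Gateway, it has an Elastic IP on its own network interface, and a security group permits inbound ICMP echo requests). It makes no AWS API calls; the VPC, subnet, gateway and instance IDs and the 203.0.113.x addresses are constructed for illustration.

```python
"""Offline diagnosis of 'why can't I ping my EC2 instance?' (added example; constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class RouteTable:
    routes: Dict[str, str]  # destination CIDR -> target (local, igw-..., nat-...)


@dataclass
class Subnet:
    subnet_id: str
    route_table: RouteTable


@dataclass
class SecurityGroup:
    # inbound rules as (protocol, from_port, to_port, source CIDR);
    # for "icmp" the AWS convention is from_port = ICMP type, to_port = ICMP code, -1 = any
    ingress: List[Tuple[str, int, int, str]]


@dataclass
class Instance:
    instance_id: str
    subnet: Subnet
    security_groups: List[SecurityGroup]
    eip: Optional[str] = None  # Elastic IP on the instance's own network interface, if any


@dataclass
class NatGateway:
    nat_id: str
    eip: str  # the Elastic IP that belongs to the NAT Gateway itself


def subnet_is_public(subnet: Subnet) -> bool:
    """A subnet is public only when its default route targets an Internet Gateway."""
    return subnet.route_table.routes.get("0.0.0.0/0", "").startswith("igw-")


def sg_allows_icmp_echo(groups: List[SecurityGroup]) -> bool:
    """Inbound ICMP echo request is type 8; from_port -1 means every ICMP type."""
    for sg in groups:
        for proto, from_port, _to_port, cidr in sg.ingress:
            if proto == "icmp" and cidr == "0.0.0.0/0" and from_port in (-1, 8):
                return True
    return False


def explain_ping(eip: str, instances: List[Instance], nat_gateways: List[NatGateway]) -> str:
    """Return a one-line diagnosis of what (if anything) will answer a ping to this EIP."""
    for nat in nat_gateways:
        if nat.eip == eip:
            return (f"{eip} is the NAT Gateway {nat.nat_id}: it does not forward "
                    "inbound traffic to any instance")
    for inst in instances:
        if inst.eip == eip:
            if not subnet_is_public(inst.subnet):
                return (f"{eip} is on {inst.instance_id}, but subnet "
                        f"{inst.subnet.subnet_id} has no default route to an Internet Gateway")
            if not sg_allows_icmp_echo(inst.security_groups):
                return (f"{eip} is on {inst.instance_id} in a public subnet, but no "
                        "security group permits inbound ICMP echo requests")
            return f"{eip} is on {inst.instance_id} and should answer pings"
    return f"{eip} is not associated with any instance or NAT Gateway"


def build_example():
    """Constructed topology: the question's setup plus two variants of the fix."""
    private_rt = RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0abc"})
    public_rt = RouteTable({"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0def"})
    private = Subnet("subnet-private", private_rt)
    public = Subnet("subnet-public", public_rt)
    nat = NatGateway("nat-0abc", eip="203.0.113.10")  # the EIP the question is pinging
    allow_icmp = SecurityGroup(ingress=[("icmp", 8, -1, "0.0.0.0/0")])
    ssh_only = SecurityGroup(ingress=[("tcp", 22, 22, "0.0.0.0/0")])
    # The question's instance: private subnet, default route via the NAT Gateway, no EIP of its own.
    private_inst = Instance("i-private", private, [allow_icmp])
    # Fixed: instance in a public subnet with its own EIP and an ICMP-permitting security group.
    public_inst = Instance("i-public", public, [allow_icmp], eip="203.0.113.20")
    # Public subnet and EIP, but the security group only allows SSH, so pings still time out.
    locked_inst = Instance("i-locked", public, [ssh_only], eip="203.0.113.30")
    return [private_inst, public_inst, locked_inst], [nat]


if __name__ == "__main__":
    instances, nats = build_example()
    for addr in ("203.0.113.10", "203.0.113.20", "203.0.113.30", "203.0.113.40"):
        print(explain_ping(addr, instances, nats))
```

Pinging 203.0.113.10 reports the NAT Gateway, which matches the timeouts in the question; only the instance that is in a public subnet, holds its own Elastic IP and permits ICMP echo is reported as reachable.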