Say we have an EC2 instance in a private subnet on AWS (the same question arises on GCP). Let us also say that there are two potential ways for it to reach an AWS service:

a) via the internet (through a NAT Gateway), and

b) via a VPC endpoint for the same service (e.g. SNS).

Which option will the EC2 instance choose?

The VPC endpoint wins, but the reason depends on which kind of endpoint it is.

For a gateway endpoint (available only for S3 and DynamoDB) it is a routing decision. The endpoint adds a route for the service's managed prefix list to the subnet's route table, and a route table always selects the route with the longest matching prefix. 0.0.0.0/0 (the NAT Gateway) is the SHORTEST possible prefix, so any packet whose destination falls inside the prefix list takes the more specific route to the VPC endpoint instead.

SNS, like most services, is reached through an interface endpoint (PrivateLink), and there the route table is not what decides. The endpoint is an ENI with a private IP inside the VPC. With private DNS enabled on the endpoint, the service's normal hostname (sns.<region>.amazonaws.com) resolves to that private IP, so the traffic matches the VPC's local route and never touches the NAT Gateway. If private DNS is disabled, the hostname resolves to the service's public IP, the only matching route is 0.0.0.0/0, and the traffic goes out through the NAT Gateway unless the client is explicitly pointed at the endpoint-specific DNS name. The practical check from the instance is therefore to resolve the service hostname and confirm the answer lies inside the VPC CIDR; the endpoint's security group must also allow 443 from the instance, or the connection fails rather than falling back to the NAT path.
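The two decisions above, as an added example (not part of the original note, and not AWS code): a small simulation of longest-prefix route selection over a constructed private-subnet route table, plus a classifier that shows why, for an interface endpoint, the outcome is fixed at DNS time. All CIDRs, prefix-list ranges and resource IDs are made up for illustration.

```python
import ipaddress

# Constructed route table for a private subnet. Every ID and CIDR here is a
# hypothetical example, not a real AWS resource or service range.
VPC_CIDR = "10.0.0.0/16"
ROUTES = [
    ("10.0.0.0/16", "local"),                       # intra-VPC traffic
    ("0.0.0.0/0", "nat-0a1b2c3d4e5f67890"),         # default route via NAT GW
    # What a gateway endpoint (S3/DynamoDB) adds: routes for the service's
    # managed prefix list. Two made-up CIDRs stand in for that list.
    ("198.51.100.0/24", "vpce-gw-0a1b2c3d4e5f6789"),
    ("203.0.113.0/25", "vpce-gw-0a1b2c3d4e5f6789"),
]


def select_route(dst_ip, routes=ROUTES):
    """Pick the route a VPC route table would use: longest matching prefix wins.

    Returns (cidr, target). 0.0.0.0/0 only wins when nothing more specific
    contains the destination.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return str(best_net), best_target


def path_for_service(resolved_ip, routes=ROUTES):
    """Classify where traffic to a service goes, given the IP its hostname
    resolved to.

    For an interface endpoint (e.g. SNS) the decision is effectively made by
    DNS: with private DNS enabled the hostname resolves to the endpoint ENI
    inside the VPC and hits the 'local' route; with it disabled it resolves
    to the public IP and falls through to 0.0.0.0/0, i.e. the NAT Gateway.
    For a gateway endpoint the public IP itself matches the prefix-list route.
    """
    _, target = select_route(resolved_ip, routes)
    if target == "local":
        return "vpc-endpoint (interface ENI inside the VPC)"
    if target.startswith("vpce-"):
        return "vpc-endpoint (gateway, prefix-list route)"
    if target.startswith("nat-"):
        return "internet via NAT gateway"
    return target


if __name__ == "__main__":
    # Constructed DNS answers for the same service hostname under three setups.
    cases = {
        "interface endpoint, private DNS on ": "10.0.5.23",
        "interface endpoint, private DNS off": "203.0.113.200",
        "gateway endpoint, prefix-list route ": "198.51.100.9",
    }
    for label, ip in cases.items():
        print(f"{label} -> {ip:15} -> {select_route(ip)} -> {path_for_service(ip)}")
```

On a real instance the equivalent check is to resolve the service hostname (for example with `dig sns.<region>.amazonaws.com`) and see whether the answer is inside the VPC CIDR, and for gateway endpoints to look at the subnet's route table with `aws ec2 describe-route-tables` for the prefix-list route pointing at the vpce.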