A VPC endpoint enables connections between a virtual private cloud (VPC) and supported services, without requiring that you use an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Therefore, your VPC is not exposed to the public internet.
AWS PrivateLink is a highly available, scalable technology that enables you to privately connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services. You do not need to use an internet gateway, NAT device, public IP address, AWS Direct Connect connection, or AWS Site-to-Site VPN connection to communicate with the service. Therefore, your VPC is not exposed to the public internet.
What's so insecure about using the public internet if all my incoming (to AWS)/outgoing (from AWS) connections use HTTPS? Could this still be decrypted?
I'm not very knowledgeable in networking/security; that's why I'm asking.
I think you are confusing two architectures.
AWS PrivateLink can be used. It allows you to expose your application to other AWS users, without them needing internet access or even access to your VPC. They can access your private applications from their own accounts and VPCs.