Is it possible to use AWS SDK Cognito within a private subnet without internet access?

To set the scenario, I have applications that uses AWS SDKs like Boto3 (Python) and aws-sdk (NodeJS) that are residing within a VPC with private subnets that strictly should have no internet access, while trying to sign up and auto confirm new users in the cognito user pool.

I notice that when these application attempt to call Cognito Identity Provider services using said SDKs, the SDK client would not receive any response.

Could someone please explain why this is the case, is it only happening for Cognito Identity Providers? And given that it is a requirement that the applications should still remain within the private subnet, is there possibly a way for these applications to make use of the SDKs?