The resources in public subnets can be accessed by using the public IP and enabling the security group to receive connections. For private subnets, you have at least three ways to do this, as follows:

• Jump on a bastion host in one public subnet, and, from there, reach the private resources.
• Use site-to-site VPNs from the AWS VPN service, https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html, to the physical router/s in your office. You can connect two routers, for redundancy. 
• Place a virtual VPN software in an EC2 machine and connect your device to it. There are countless solutions that do this, and many are in the AWS Marketplace, ready to be used in exchange for a monthly fee. 

The preferred option, if you have an office with physical routers, is always the site-to-site solution.