Best practices are to use an EIP (elastic IP) as the VNS3 controller's Public IP and configure the clientpacks to point to the Public DNS URL of the controller.
This allows you to move the EIP to a new VNS3 controller instance in the event of an instance upgrade or DR event without modification to your connected Overlay client servers (private IP/private DNS hostname would change between instances).
AWS resolves an external DNS hostname to the public IP address of the instance outside the network of the instance, and to the private IP address of the instance from within the network of the instance (source - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html).
So using the DNS host name gives you the best of both worlds and maximum flexibility.
This is also true when Peering multiple VNS3 instances that are part of the same network topology. Enter the AWS DNS name in the Peering configuration rather than the public or private IP.