Because of its scale, the VPC network infrastructure was implemented as a software-defined network. It emulates Ethernet but it isn't Ethernet. There are no collision or broadcast domains, and no multicast. In fact, when one instance "ARPs" for another one, even that traffic never makes it to the destination instance -- the (correct) ARP response is actually generated by the network. And, there is no provision for port mirroring.
Aside from running tcpdump on an instance itself, the only alternative that comes to mind involves a layer 3 setup.
You'd configure a separate instance -- where you'd be capturing the traffic -- and then use iptables to NAT the traffic on behalf of the internal instance(s) whose traffic you're intercepting. The capture/NAT instance would be placed on a "public" subnet (definition: a subnet whose default gateway is the igw-xxxxxxxx Internet Gateway object) and would have the monitored instance's public IP(s) attached to it, instead of them being attached to the instance where the traffic ultimately terminates. The capture instance's "IP source/dest check" attribute would be disabled.
Then, the monitored instances would be placed on a private subnet (definition: a subnet whose default route is not the igw). This subnet's default gateway would point to the capture/NAT instance, as the return path for all of the NAT-ed traffic for translation in the reverse direction.
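The layer 3 setup described above, sketched as an added example that is not part of the original answer. The instance and route table IDs, the addresses and the interface name are constructed placeholders, and the script only prints the commands so they can be reviewed before being run.

```bash
#!/usr/bin/env bash
# Prints (does not execute) the commands for the capture/NAT layout.
# Every ID and address below is a constructed placeholder (assumption).
CAPTURE_INSTANCE="i-xxxxxxxx"     # the capture/NAT instance on the public subnet
PRIVATE_RTB="rtb-xxxxxxxx"        # route table of the private subnet
PRIVATE_CIDR="10.0.2.0/24"        # private subnet holding the monitored instances
IFACE="eth0"

# front:back pairs. "front" is a private address on the capture instance that
# a monitored instance's public IP is now associated with; "back" is that
# monitored instance's address on the private subnet.
MAPPINGS="10.0.1.10:10.0.2.50 10.0.1.11:10.0.2.51"

vpc_commands() {
  # Allow the capture instance to forward packets not addressed to itself.
  echo "aws ec2 modify-instance-attribute --instance-id $CAPTURE_INSTANCE --no-source-dest-check"
  # Default route of the private subnet points at the capture instance.
  echo "aws ec2 create-route --route-table-id $PRIVATE_RTB --destination-cidr-block 0.0.0.0/0 --instance-id $CAPTURE_INSTANCE"
}

nat_commands() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  for pair in $MAPPINGS; do
    front=${pair%%:*}
    back=${pair##*:}
    # Inbound: traffic for the public IP arrives addressed to "front".
    echo "iptables -t nat -A PREROUTING -i $IFACE -d $front -j DNAT --to-destination $back"
    # Outbound connections opened by the monitored instance leave as "front";
    # replies to inbound connections are reverse-translated by conntrack.
    echo "iptables -t nat -A POSTROUTING -o $IFACE -s $back -j SNAT --to-source $front"
  done
}

capture_command() {
  # Record the forwarded leg between the capture and monitored instances.
  echo "tcpdump -n -i $IFACE -w /var/tmp/monitored.pcap net $PRIVATE_CIDR"
}

vpc_commands
nat_commands
capture_command
```

The `aws ec2` lines are run from wherever the AWS CLI is configured; the `sysctl`, `iptables` and `tcpdump` lines are run as root on the capture instance.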