Explanation: Disabling Source/Destination Checks Each EC2 instance performs source/destination checks by default. This means that the instance mustbe the source or destination of any traffic it sends or receives. However, a NAT instance must be ableto send and receive traffic when the source or destination is not itself. Therefore, you must disablesource/destination checks on the NAT instance. You can disable the SrcDestCheck attribute for a NATinstance that's either running or stopped using the console or the command line. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html