NAT Instances - Amazon Virtual Private Cloud:
If you are planning to use a VPC on AWS for your intranet, remember this: if a private subnet also needs to connect to the internet, create the VPC with a bigger CIDR block (e.g. /16).
If you don't use a bigger CIDR block, you will keep retrying forever, and in the end you will have to destroy everything and rebuild it. It's painful and wastes your time ... study this architecture carefully!
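
To see why the size of the VPC block matters, the following added example (not part of the original note or of the AWS documentation) carves one public and one private subnet per availability zone out of a VPC CIDR and reports how much room is left. The function name `plan_vpc`, the AZ labels, the 10.0.0.0 address ranges and the one-public-plus-one-private layout are assumptions chosen for illustration.

```python
import ipaddress

AWS_RESERVED = 5                  # AWS reserves the first four and the last address of every subnet
MIN_PREFIX, MAX_PREFIX = 16, 28   # IPv4 VPC and subnet blocks must be between /16 and /28

# Public subnets send 0.0.0.0/0 to the internet gateway; private subnets send it
# to the NAT instance, which itself has to live in a public subnet.
TIERS = (("public", "internet gateway"),
         ("private", "NAT instance in the public subnet"))

def plan_vpc(vpc_cidr, azs, subnet_prefix):
    """Carve one public and one private subnet per AZ (assumed layout) from vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{vpc} is outside the /16 to /28 range a VPC allows")
    if not vpc.prefixlen <= subnet_prefix <= MAX_PREFIX:
        raise ValueError(f"/{subnet_prefix} subnets cannot be carved from {vpc}")
    needed = len(TIERS) * len(azs)
    total = 2 ** (subnet_prefix - vpc.prefixlen)
    if total < needed:
        raise ValueError(f"{vpc} holds {total} /{subnet_prefix} block(s), {needed} needed")
    blocks = vpc.subnets(new_prefix=subnet_prefix)
    subnets = []
    for az in azs:
        for tier, route in TIERS:
            net = next(blocks)
            subnets.append({"az": az, "tier": tier, "cidr": str(net),
                            "usable": net.num_addresses - AWS_RESERVED,
                            "default_route": route})
    # spare_blocks is the room left for subnets added later
    return {"subnets": subnets, "spare_blocks": total - needed}

if __name__ == "__main__":
    azs = ["az-a", "az-b"]        # constructed AZ labels
    for cidr, prefix in (("10.0.0.0/16", 24), ("10.0.0.0/24", 26), ("10.0.0.0/24", 24)):
        try:
            plan = plan_vpc(cidr, azs, prefix)
        except ValueError as err:
            print(f"{cidr}: does not fit: {err}")
            continue
        print(f"{cidr}: {plan['spare_blocks']} spare /{prefix} block(s)")
        for s in plan["subnets"]:
            print(f"  {s['az']} {s['tier']:<7} {s['cidr']:<14} "
                  f"{s['usable']:>3} usable, 0.0.0.0/0 -> {s['default_route']}")
```

A /24 VPC can be made to fit only by shrinking every subnet, and it leaves no spare block for a later subnet, which is the dead end the note warns about.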