In this tutorial I am assuming that you are already running a VPC in AWS.
NAT Instances
Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
To launch a NAT instance in AWS, search for NAT in the Community AMIs section; AWS provides a number of NAT instance AMIs.
On the Configure Instance Details page, select the VPC you created from the Network list, and select your public subnet from the Subnet list.
Once the NAT instance has launched, disable the SrcDestCheck attribute for the NAT instance.
Click on “Yes, Disable”.
Connect to the NAT instance using terminal emulation software (e.g. PuTTY) and enable IP forwarding on it:
vi /etc/sysctl.conf
Uncomment the below line
net.ipv4.ip_forward=1
Issue the iptables command for MASQUERADE, with -s set to the source range whose traffic should be translated:
iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE
Modify the NAT instance's security group to allow the desired inbound traffic (or all traffic) from the private subnet (in my case, 10.100.20.0/24) or from specific servers.
Create a custom route table, associate your private subnet(s) with it, and add a default route (0.0.0.0/0) that uses the NAT instance as its target:
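As an added example that is not part of the original post, the script below bundles the on-instance steps (IP forwarding plus the MASQUERADE rule) and goes one step further than the post by adding FORWARD rules, so that the instance itself only forwards connections that were started from the private subnet. It assumes the private subnet 10.100.20.0/24 from the post and eth0 as the public interface; nat_rules, ip_forward_enabled and apply_nat are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post). Bundles the NAT-instance
# steps: enable IP forwarding, then install iptables rules that translate
# outbound traffic from the private subnet and refuse to forward anything
# that was not started from inside it. CIDR and interface are assumptions.
PRIVATE_CIDR="${PRIVATE_CIDR:-10.100.20.0/24}"   # private subnet from the post
PUBLIC_IF="${PUBLIC_IF:-eth0}"                   # interface facing the Internet

# Print the rules for one private CIDR and one public interface, so they can
# be reviewed before being applied.
nat_rules() {
  cidr="$1"; iface="$2"
  # Translate only traffic that really originates in the private subnet
  echo "iptables -t nat -A POSTROUTING -s $cidr -o $iface -j MASQUERADE"
  # Let replies to connections opened from inside flow back
  echo "iptables -A FORWARD -i $iface -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  # Forward new connections only when they come from the private subnet
  echo "iptables -A FORWARD -s $cidr -o $iface -j ACCEPT"
  # Anything else that would be forwarded (Internet-initiated) is dropped
  echo "iptables -A FORWARD -j DROP"
}

# Succeed only if the given sysctl file has an active ip_forward=1 line
# (takes the path as a parameter so it can be checked against any file).
ip_forward_enabled() {
  grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$1"
}

# Make forwarding persistent, turn it on now, and load the rules (needs root).
apply_nat() {
  if ! ip_forward_enabled /etc/sysctl.conf; then
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  fi
  sysctl -w net.ipv4.ip_forward=1
  nat_rules "$PRIVATE_CIDR" "$PUBLIC_IF" | sh -e
}

# Run as: sh nat.sh apply   (without "apply" the file only defines the functions)
if [ "${1:-}" = "apply" ]; then apply_nat; fi
```

Run `sh nat.sh` with no argument first and call `nat_rules 10.100.20.0/24 eth0` to inspect the rules before applying them; the security group on the instance and the route table in the VPC still have to be set as described above.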