I recently created a VPC with 2 public and 2 private subnets with a NAT instance and spent considerable time on getting the internet work from the private subnet.
The VPC configuration for my project is looks very similar to the one described here.
Even after getting all the configuration done (Elastic IP for NAT instance, Security Groups, and Disabling Source/Destination Check), the outbound traffic to the internet (from private subnet) didn't work till I found this blogpost - https://rbgeek.wordpress.com/2014/04/23/add-a-custom-nat-instance-in-aws-vpc/
The command that did the trick was executing the following on the NAT instance
iptables -t nat -A POSTROUTING -o eth0 -s 10.100.20.0/24 -j MASQUERADE