I have configured my Cisco ASA to translate internal addresses to the external (WAN) interface. Everything works right; the internet connection works as expected.
I have created a site-to-site tunnel between the ASA and AWS. I was able to ping resources on AWS from hosts behind the ASA, but not the other way around. I have finally discovered that the problem is with the NAT rules.
Here is how I have this set up:

If I disable the last rule (#3), I am able to access internal hosts from AWS but I am not able to access the internet.
How do I set this up so that when I communicate to and from AWS, the inside addresses are not translated, but if I initiate communication from inside to everywhere else but AWS, the ASA translates everything to outside (WAN)?
obj-amz (VPC in AWS 196.168.0.0)
obj-SrcNet (Subnet INSIDE - behind ASA 10.0.1.0)
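
One common way to get this behaviour on ASA 8.3 and later is an identity (twice) NAT rule for the VPN traffic placed ahead of the dynamic PAT rule. This is an added example, not part of the original post. It assumes the interfaces are named `inside` and `outside`, reuses the post's existing objects `obj-SrcNet` and `obj-amz`, and uses constructed host addresses in the `packet-tracer` check.

```cisco
! --- Added example; interface names "inside"/"outside" are assumptions. ---
! --- obj-SrcNet and obj-amz are the network objects named in the post.  ---
!
! The ASA evaluates NAT in three sections: manual NAT (section 1), object
! NAT (section 2), then manual "after-auto" NAT (section 3). Within manual
! NAT the first matching rule wins, so the exemption has to sit above any
! dynamic PAT rule that also matches the inside subnet.
!
! Configuration mode:
!
! Identity NAT inserted at line 1 of section 1: traffic between the inside
! subnet and the AWS VPC keeps its real addresses in both directions.
! route-lookup makes the ASA pick the egress interface from the routing table
! instead of from the NAT rule.
nat (inside,outside) 1 source static obj-SrcNet obj-SrcNet destination static obj-amz obj-amz no-proxy-arp route-lookup
!
! Dynamic PAT to the WAN interface for every other destination, placed in
! section 3 so it can never shadow the exemption above.
nat (inside,outside) after-auto source dynamic obj-SrcNet interface
!
! Privileged EXEC mode, verification:
!
! Rule order and per-rule hit counters (translate_hits / untranslate_hits).
show nat detail
!
! Simulate inside -> AWS. Constructed host addresses inside the post's
! networks. The NAT phase should show the identity rule, not the PAT rule.
packet-tracer input inside icmp 10.0.1.10 8 0 196.168.0.10 detailed
```

The VPN crypto ACL has to match the untranslated inside addresses for the exempted traffic to enter the tunnel.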