The main default route allows the return path to clients. For example when you create the tunnel return traffic should go back out the outside interface gw.But when users are tunneled, all their traffic is going to leave the Inside interface. You nee...

I am taking a shot in the dark, and am having the same problems as you are, but have you created a tunneled route?  ip route inside 0.0.0.0 0.0.0.0 [aws gw] tunneled    If you can get internet routing working I definitely want to compare notes.