Do you have IKE allowed for the zone that your gateway ip addressed interface is in?
for example
set security zone security-zone untrust host-inbound-traffic system-services ike
Also this could be a reachability issue. Can you traceroute witha source of your gateway interface to the AWS and confirm reachability.