Not sure about any specifics on AWS. But generally, if you simply point the default route into a tunnel with any routers or FWs, the tunnel won't come up anymore because there is no default route to reach the peer over the internet interface.
Likely you need to have a /32 route for the FGT's WAN IP address to the internet on the AWS side. If it's a dynamic IP, you need to set up FortiDDNS, then use the DNS name for the /32 route.
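The routing problem described in the reply above can be modelled with a longest-prefix-match lookup. This is an added example, not part of the original post and not AWS or FortiGate configuration; the interface names (`lan0`, `wan0`, `tunnel0`), the peer address and the route tables are constructed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return the egress interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def tunnel_can_establish(routes, peer_ip, tunnel_if="tunnel0"):
    """The tunnel's outer (encrypted) packets must leave via a non-tunnel
    interface; if the peer resolves to the tunnel itself, it never comes up."""
    egress = lookup(routes, peer_ip)
    return egress is not None and egress != tunnel_if

# Constructed sample data (documentation address range, hypothetical names).
PEER = "203.0.113.10"  # stands in for the FGT's WAN IP

# Default route pointed into the tunnel, nothing more specific for the peer.
ROUTES_BROKEN = [
    ("10.0.0.0/16", "lan0"),
    ("0.0.0.0/0", "tunnel0"),
]

# Same table plus a /32 for the peer via the internet-facing interface.
ROUTES_FIXED = ROUTES_BROKEN + [(PEER + "/32", "wan0")]

if __name__ == "__main__":
    for name, table in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        print(name,
              "peer egress:", lookup(table, PEER),
              "| tunnel can establish:", tunnel_can_establish(table, PEER),
              "| other internet traffic egress:", lookup(table, "198.51.100.7"))
```

With the /32 in place, only the peer address bypasses the tunnel; all other internet-bound traffic still follows the default route into it.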