I say sorta because it's built on an old version of Amazon Linux and is headed towards EOL with no replacement except "go build your own" as you suggest.
Another thing: EC2 instances (VMs) have a "Source/Destination IP check" which makes them ignore any packets not intended for them. If you want an instance to do NAT, you need to turn this off.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Ins...
I say sorta because it's built on an old version of Amazon Linux and is headed towards EOL with no replacement except "go build your own" as you suggest.
https://www.lastweekinaws.com/blog/an-alternat-future-we-now...
AlterNAT uses managed NAT Gateways as a fallback when the NAT Instance is out of service, but again you will have to make your own NAT AMI.
This is not to excuse AWS' frankly absurd NATGW pricing, but to point out other ways around it.