When troubleshooting ping connectivity issues with private instances in AWS VPC, there are several potential causes to investigate:
- Security Group Configuration: Even though you mentioned the security group settings are the same, double-check that the security group for the non-responsive instance allows inbound ICMP traffic from your source IP address.
- Network ACLs: While default Network ACLs allow all traffic, verify that no custom ACLs have been applied to the subnet of the non-responsive instance that might be blocking ICMP traffic.
- Route Table Association: Confirm that both private subnets are correctly associated with the route table that has the 0.0.0.0/0 route pointing to the NAT Gateway.
- NAT Gateway Status: Ensure your NAT Gateway is in an "Available" state and has an Elastic IP address properly associated with it.
- Internet Gateway: Verify that your VPC has an Internet Gateway attached and that the public subnet (where your NAT Gateway resides) has a route table with a route for 0.0.0.0/0 pointing to the Internet Gateway.
- ICMP Support: The target you're pinging must support ICMP. You can test this by running the same ping command from your local computer to verify the target responds to ICMP requests.
- VPC DNS Settings: Check that DNS hostnames and DNS resolution are enabled for your VPC for proper name resolution.
To further diagnose the issue, you can enable VPC Flow Logs to analyze the traffic patterns and identify where the communication is breaking down. This will help you see if the packets are being dropped due to security groups, network ACLs, or routing issues.
Sources
Enable private resources to communicate outside the VPC - Amazon Virtual Private Cloud
Instances within the private subnet are unable to access the internet using NAT gateway. | AWS re:Post
Troubleshoot EC2 instance internet access with a NAT gateway | AWS re:Post
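The checklist in the answer above can be run mechanically against the output of the EC2 describe-* calls (describe-security-groups, describe-network-acls, describe-route-tables, describe-nat-gateways) and against VPC Flow Log records. The following is an added example, not code from the re:Post answer or from AWS: it evaluates the security-group, network-ACL, route-table and NAT-gateway items against dictionaries shaped like those API responses, and classifies ICMP flow-log records as "rejected at the ENI" (security group or network ACL), "sent but no reply came back" (routing, NAT gateway or the target) or "round trip seen". Every resource ID, CIDR, IP address and log line in it is constructed for the example.

```python
"""Mechanical version of the ping-through-NAT checklist. Added example, not
code from the re:Post answer; all IDs, CIDRs, addresses and log lines are
constructed. Input dictionaries follow the shape of the EC2 describe-* APIs."""
import ipaddress

ICMP_PROTOCOL_NUMBER = "1"  # protocol field in flow-log records and NACL entries


def sg_allows_icmp(sg, peer_ip, egress=False):
    """True if a rule of the security group permits ICMP to/from peer_ip.
    Security groups are stateful and allow-only: one matching rule is enough,
    and the reply to an allowed echo request is admitted automatically."""
    key = "IpPermissionsEgress" if egress else "IpPermissions"
    peer = ipaddress.ip_address(peer_ip)
    for perm in sg.get(key, []):
        if perm["IpProtocol"] not in ("icmp", "-1"):
            continue
        if any(peer in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False


def nacl_decision(acl, peer_ip, egress=False):
    """Network ACLs are stateless and evaluated in rule-number order: the first
    entry matching direction, protocol and CIDR wins, and the implicit rule
    32767 denies everything. Both directions must allow ICMP for a ping."""
    peer = ipaddress.ip_address(peer_ip)
    for e in sorted(acl["Entries"], key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in (ICMP_PROTOCOL_NUMBER, "-1"):
            continue
        if peer in ipaddress.ip_network(e["CidrBlock"]):
            return e["RuleAction"]
    return "deny"


def default_route_target(route_table):
    """Target of the active 0.0.0.0/0 route (nat-..., igw-...), or None."""
    for r in route_table["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            return r.get("NatGatewayId") or r.get("GatewayId")
    return None


def nat_gateway_ready(natgw):
    """A usable public NAT gateway is 'available' and carries an Elastic IP."""
    return natgw["State"] == "available" and any(
        a.get("PublicIp") for a in natgw.get("NatGatewayAddresses", []))


def diagnose(sg, acl, rtb, natgw, peer_ip):
    """Apply the checklist for a private instance talking ICMP with peer_ip."""
    findings = []
    if not sg_allows_icmp(sg, peer_ip):
        findings.append("security group has no inbound ICMP rule for " + peer_ip)
    if nacl_decision(acl, peer_ip) != "allow":
        findings.append("network ACL denies inbound ICMP from " + peer_ip)
    if nacl_decision(acl, peer_ip, egress=True) != "allow":
        findings.append("network ACL denies outbound ICMP to " + peer_ip)
    if not (default_route_target(rtb) or "").startswith("nat-"):
        findings.append("no active 0.0.0.0/0 route to a NAT gateway")
    if not nat_gateway_ready(natgw):
        findings.append("NAT gateway not available or has no Elastic IP")
    return findings


def classify_icmp_flows(lines, instance_ip):
    """Classify default-format flow-log records (version account-id interface-id
    srcaddr dstaddr srcport dstport protocol packets bytes start end action
    log-status) for ICMP involving instance_ip. REJECT on the instance's ENI
    means a security group or NACL dropped the packet; an outbound ACCEPT with
    no inbound ACCEPT from the same peer means the request left the ENI but
    no reply returned (routing, NAT gateway, or the target not answering)."""
    rejected, out_peers, in_peers = set(), set(), set()
    for line in lines:
        f = line.split()
        if len(f) < 14 or f[7] != ICMP_PROTOCOL_NUMBER:  # also skips NODATA/SKIPDATA
            continue
        src, dst, action = f[3], f[4], f[12]
        if instance_ip not in (src, dst):
            continue
        peer = dst if src == instance_ip else src
        if action == "REJECT":
            rejected.add(peer)
        elif src == instance_ip:
            out_peers.add(peer)
        else:
            in_peers.add(peer)
    return {"blocked_at_eni": rejected, "no_reply": out_peers - in_peers,
            "round_trip_ok": out_peers & in_peers}


# Constructed sample data shaped like describe-* responses (not real resources).
SG = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
_DEFAULT_DENY = [{"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": eg,
                  "CidrBlock": "0.0.0.0/0"} for eg in (False, True)]
_ALLOW_ALL = [{"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": eg,
               "CidrBlock": "0.0.0.0/0"} for eg in (False, True)]
ACL_OK = {"Entries": _ALLOW_ALL + _DEFAULT_DENY}
ACL_BAD = {"Entries": [{"RuleNumber": 90, "Protocol": "1", "RuleAction": "deny", "Egress": False,
                        "CidrBlock": "10.0.0.0/16"}] + _ALLOW_ALL + _DEFAULT_DENY}
RTB = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                  {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abcdef1234567890",
                   "State": "active"}]}
NATGW = {"State": "available", "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}
FLOW_LOGS = [  # constructed: 10.0.2.10 gets a reply, 10.0.3.10 does not and is also rejected
    "2 123456789012 eni-0a1b2c3d4e5f60001 10.0.2.10 8.8.8.8 0 0 1 1 84 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60001 8.8.8.8 10.0.2.10 0 0 1 1 84 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60002 10.0.3.10 8.8.8.8 0 0 1 1 84 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60002 10.0.0.5 10.0.3.10 0 0 1 1 84 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f60002 - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    print(diagnose(SG, ACL_BAD, RTB, NATGW, "10.0.0.5"))
    print(classify_icmp_flows(FLOW_LOGS, "10.0.3.10"))
```

Feed real data by loading the JSON that `aws ec2 describe-security-groups`, `describe-network-acls`, `describe-route-tables` and `describe-nat-gateways` print, and the records from the flow log's CloudWatch log group. Note that the flow-log classification can only say where the packet was dropped relative to the instance's ENI; a REJECT there does not by itself tell a security-group drop from a network-ACL drop, which is why the configuration checks come first.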