As you know AWS uses private IP address block in VPC. If you install a Pfsense as a NAT Instance, you will see private IP for WAN interface. You can assign en Elastic IP but it will not be visible by ec2 instance.
For that reason, If you are creating a IPSec tunnel you need to set Peer identifier under Phase 1 Proposal (Authentication) on other remote peer of pfsense on AWS.
If you use public IP address of pfsense as Peer identifier you will get
IDir ‘10.1.1.1’ does not match to ‘X.X.X.X’ (X.X.X.X is Elastic IP of AWS pfsense)
Choose ‘IP address’ as Peer Identifier(default: Peer IP Address) and enter IP address of pfsense ec2 instance WAN IP(10.1.1.1 in this example)