Just to confirm, your LAN subnet is just a single block, 10.1.2.0/23 and is not broken into smaller subnets (like 10.1.3.0/24, for instance), yeah? Only asking because if it is broken into smaller subnets, then the first 4 IP addresses are always reserved for AWS usage.
Can you confirm your LAN subnet(s) are also associated with the route table you listed above?
Have you tried disabling source / dest check completely?
Did you try rebooting the CHR EC2 instance after detaching / reattaching the interfaces?