This configuration is fine, but the issue is that sometimes, like 10% of the calls have an issue.
The call is successfully routed, but each end of the call cannot hear the sound from the other end.
What may be the issue?
You cannot just use a bare bones config without understanding the settings you are leaving out. All of the endpoint settings that deal with NAT are sent and all of their defaults are for a no-NAT setup.
direct_media defaults to yes, it should be no.
rtp_symmetric defaults to no and it should be yes.
rewrite_contact defaults to no and it should be yes.
force_rport defaults to yes, this is the only default that is correct for this use case.
You need to fix your trunk/extension endpoint configs so that it is set up to handle NAT properly.
direct_media is the only real likely problem setting here. The other ones are workarounds for peer systems that are behind NAT (not generally the case for providers) and do not compensate for that by doing the equivalent of Asterisk’s external signalling and media addresses and local networks. A provider who needs any of the remaining three should be avoided, as they don’t know how to configure their systems properly.
Setting them on is mainly harmless, which is why they tend to get set when not needed. However, they can break some Cisco systems.
Note that I said trunk/extensions. The extensions will need it since this is in the cloud at AWS and NAT’d there. Since they are harmless on the trunk and I doubt the provider is using Cisco, this all should be fine.
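Added example, not code from any poster in this thread or from the Asterisk project: a small audit that reads a pjsip.conf-style file and reports, per endpoint, which of the four NAT options discussed above end up (explicitly or by default) at a value other than the one the first reply recommends. The defaults and target values are the ones stated in the thread; the parser, the `audit_nat` name and the sample sections are assumptions made for illustration, and only one level of `(template)` inheritance is resolved.

```python
import re
# (default, recommended) for each NAT-related endpoint option, as listed in the reply above.
NAT_OPTIONS = {"direct_media": ("yes", "no"), "rtp_symmetric": ("no", "yes"),
               "rewrite_contact": ("no", "yes"), "force_rport": ("yes", "yes")}
HEADER = re.compile(r"^\[([^\]]+)\]\s*(?:\(([^)]*)\))?")

def parse_sections(text):
    """Return [name, parent templates, is_template, options] for each section."""
    sections = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        m = HEADER.match(line)
        if m:
            tags = [t.strip() for t in (m.group(2) or "").split(",")]
            sections.append([m.group(1), [t for t in tags if t not in ("", "!")], "!" in tags, {}])
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][3][key.strip()] = value.strip().lower()
    return sections

def audit_nat(text):
    """Map endpoint name -> {option: effective value} where it differs from the recommendation."""
    sections = parse_sections(text)
    templates = {name: opts for name, _, is_tmpl, opts in sections if is_tmpl}
    findings = {}
    for name, parents, is_tmpl, opts in sections:
        effective = {k: default for k, (default, _) in NAT_OPTIONS.items()}
        for parent in parents:                       # one level of template inheritance only
            effective.update(templates.get(parent, {}))
        effective.update(opts)
        if is_tmpl or effective.get("type") != "endpoint":
            continue                                 # skip templates, aors, auths, transports
        bad = {k: effective[k] for k, (_, want) in NAT_OPTIONS.items() if effective[k] != want}
        if bad:
            findings[name] = bad
    return findings

SAMPLE = """; constructed sample, not the poster's configuration
[nat](!)
type=endpoint
direct_media=no
rtp_symmetric=yes
rewrite_contact=yes
[trunk]
type=endpoint
[6001](nat)
[6002](nat)
direct_media=yes   ; overrides the template
"""
```

Calling `audit_nat(SAMPLE)` flags `trunk` (three options left at their defaults) and `6002` (the template's `direct_media=no` overridden), while `6001` passes.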