AH! Are you doing it as 'domain-based' VPN or 'route-based' VPN? My customer AWS VPN is route-based VPN (albeit with static routes). The interoperable object has a VPN domain with a group object that is empty (no group members).
AWS has the VPN template you can download and follow the config samples in their document. You have to do their template because when you download it, they supply the local/remote IPv4 addresses for your VPN tunnel CLISH commands. It'll be 169.254.xxx.yyy
Then do static-route for the remote LAN behind the AWS gateways. In your security policy, you'll use VPN directional matches for traffic to/from the AWS VPN domain. In the community, you'll have DPD with Permanent Tunnels.
With this setup, I see in my VPN debug the "DPD_R_U_THERE" and "DPD_ACK" IKE messages. This is on R80.30, too.
As weird as it seems, the AWS template had the perfect config for it. I was surprised. 🙂