1
votes

I have a question regarding NAT gateways and internet ones tied to elastic beanstalk. My config is the following:

  • 3 public subnets in different AZs
  • 1 Route table with the 3 public subnets and an internet gateway
  • 3 private subnets in different AZs
  • 1 Route table with the 3 private subnets and nothing (yet)
  • ELB configured with the 3 public subnets in each AZ, and the 3 private subnets in each AZ for the instances

Now, if I create a NAT gateway for those 3 private subnets, does it mean that I need to create one for each of them in the different AZs, and 3 different Elastic IPs? I think I'm missing something but I can't see it, unless that configuration makes sense.


1 Answers

2
votes

TL;DR

It's your choice. Technically one NAT instance can serve all private subnets in one VPC.

A bit longer:

First we distinguish between NAT Instance (EC2 instance configured to be a NAT GW, managed by end user) and NAT Gateway (NAT Instance managed by AWS).

If it's NAT Instance, then the person implementing it needs to understand a lot more on how to implement one. Answer to this Q will not be enough for that.

If it's NAT GW then AWS says "Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone". Which I interpret as: As long as the whole AZ is not down, AWS guarantees HA for NATGW (possibly with service interruption or degradation).

Technically you should be good with a single NAT GW in any one of your public subnets, as long as the route table of all 3 private subnets provides a route to this NAT GW (and implicitly, I guess, that security groups/ACLs are configured to allow use of that route). You of course pay for bandwidth usage between AZs due to this config.

But obviously this is not fault tolerant in case that AZ goes down.

If you don't want all your private subnets to lose Internet connectivity when the NAT GW is down, then you need to have more NAT GWs. The decision on whether to have more than one, and if yes then how many, is case-by-case I guess.

If you have 2 NAT GWs, then for a failover to happen you'll need to set up monitoring and failover to ensure that if an AZ goes down, all private subnets (that were served by the NAT GW in that AZ) start sending traffic to the other NAT GW. Good explanation here. This is a bit of work AFAIK.

Finally, the relation between EIP and NAT GW is one-to-one. So yes, you'll have to create one EIP for each NAT GW you create.
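The fault-tolerant layout the answer describes (one NAT GW per AZ, each with its own EIP), written as a Terraform config. This is an added example, not code from the question or answer; it assumes the VPC ID and per-AZ subnet IDs are supplied as variables. Note that a route table holds a single 0.0.0.0/0 route, so the question's one shared private route table has to be split into one per AZ for each subnet to reach the NAT GW in its own AZ.

```hcl
# Added example (not from the original post): one NAT Gateway per AZ, each
# with its own EIP, and one private route table per AZ that sends 0.0.0.0/0
# to the NAT Gateway in the same AZ. VPC and subnet IDs are assumed inputs.
variable "vpc_id" { type = string }
variable "public_subnet_ids"  { type = map(string) } # AZ name => public subnet ID
variable "private_subnet_ids" { type = map(string) } # AZ name => private subnet ID

# The EIP/NAT GW relation is one-to-one, so allocate one EIP per AZ.
resource "aws_eip" "nat" {
  for_each = var.public_subnet_ids
  domain   = "vpc"
}

# NAT Gateways are placed in the *public* subnet of each AZ.
resource "aws_nat_gateway" "this" {
  for_each      = var.public_subnet_ids
  subnet_id     = each.value
  allocation_id = aws_eip.nat[each.key].id
  tags          = { Name = "nat-${each.key}" }
}

# A separate private route table per AZ, so each can point at its own NAT GW.
resource "aws_route_table" "private" {
  for_each = var.private_subnet_ids
  vpc_id   = var.vpc_id
  tags     = { Name = "private-${each.key}" }
}

# Default route of each private route table -> NAT GW in the same AZ.
# Keeping traffic in-AZ avoids cross-AZ bandwidth charges and means an AZ
# outage only affects that AZ's private subnet.
resource "aws_route" "private_default" {
  for_each               = var.private_subnet_ids
  route_table_id         = aws_route_table.private[each.key].id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.this[each.key].id
}

# Attach each private subnet to the route table of its AZ.
resource "aws_route_table_association" "private" {
  for_each       = var.private_subnet_ids
  subnet_id      = each.value
  route_table_id = aws_route_table.private[each.key].id
}
```

For the single-NAT-GW variant discussed earlier in the answer, keep one route table and point its 0.0.0.0/0 route at the one NAT GW; the map-based layout above is what you switch to when AZ-level fault tolerance matters.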