Can't connect from AWS EC2 instance to AWS SES endpoint

Disclaimer: my AWS networking skills are basic.

I have an EC2 Windows server instance in a private subnet. I connect via a VPN. FOR TESTING I put it in a Security Group that allows all IPV4 TCP traffic. I turned off Windows Defender Firewall. I can surf the web, so I can use port 80/443 going out. Now I want to connect to email-smtp.us-east-1.amazonaws.com on port 25.

In Powershell this times out:

test-netconnection email-smtp.us-east-1.amazonaws.com -port 25

Any suggestions where to look next?

It is likely that you haven't requested to lift the restrictions on port 25.

AWS blocks outbound traffic on port 25 (SMTP) of all EC2 instances and Lambda functions by default.

Reference: https://repost.aws/knowledge-center/ec2-port-25-throttle

And of course after that make sure your security group allows port 25.

One note on this is that all connections to AWS SES must be TLS encrypted. I would recommend that you use port 587 or port 465 instead.

https://docs.aws.amazon.com/ses/latest/dg/security-protocols.html#security-client-to-ses-smtp

If you must use port 25, you need to figure out a way to connect to AWS SES SMTP endpoint using TLS.

I haven't tested this website but this might help