There is a lot of great advice out there about remote debugging in Visual Studio. But what I didn’t find was what I needed, so I’m adding it here.
Depending on how you are running the remote debugger you may need TCP port 135 or 4015. Also I think I saw the service wants UPD ports 450 and 4500 open. I opened all of those both in Windows Firewall and AWS security group. This allowed me to get the initial connection but then the process would hang.
So after many dead ends I downloaded and fired up TCP View on the AWS server and low and behold I found that the remote debugger process (msvsmon.exe) was also opening two ports in the 49000’s. This would be different every time it started. (I was running it manually with no authentication.) The solution to the problem was opening ports 49200-49499 in the AWS security group.