You would probably have the default ACL applied which should by default permit all IPv4 inbound and outbound traffic.
Security groups are stateful so any outbound traffic sent from an instance is allowed a return response regardless of the inbound rules you have defined. Responses to allowed inbound traffic are also not blocked regardless of any outbound rules applied.
If you created and applied the security group then you will need to add the necessary inbound rules. By default this security group includes an outbound rule that permits all outgoing traffic.
The default security group allows all inbound traffic (and by default all outbound traffic) unless additional rules have been applied. If you are using the default security group I would suggest removing any added rules then attempting another demo connection to see if that works. I’m assuming the demo port is 11400.