Do I need to expose ports in AWS-hosted custom GameLift servers to allow game clients to connect?

I'm in the process of setting up a game server using AWS GameLift. I integrated a prototype server (Unity + GameLift server SDK for Unity) that successfully launches a game session. The server build is successfully created, a fleet is launched, and a game session is started (using AWS CLI for testing purposes). After that, I create a player session and try connecting to my game server using the DNS (or IP), the configured server port (which I also configured using the fleet's EC2 port settings), as well as the player session ID (which I want to send to the game server in an initial RPC call as authentication). My game client can't establish a connection to the server however and times out, never activating the player session. What am I missing? Is there some additional security configuration needed, or do game clients need to authenticate with AWS in order to access my GameLift-hosted server? The setup works locally, so client/server communication works on a local host and also across the network (tested with a colleague using a tunnel).