Can't create one-way trust

Hello,

I'm trying to create a one-way forest trust between our AWS managed AD and on-premise domain but when creating the one-way trust in Directory Services Console, it fails. I'm following this blog, https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_tutorial_setup_trust_create.html. I have thoroughly read, re-ran the tutorial, deleted and re-created the trust but it keeps failing. Is there a fix or work around for this? The error message that I get is "Trust relationship status failed: The remote domain is not reachable. Please ensure your security group settings are correct and your conditional forwarder is configured properly". I've checked and verified the security group and that the ports (from the tutorial) allows incoming traffic from our domain and outgoing is open to all. I've also checked with our security team to make sure our on-prem firewall isn't blocking 172.24.0.0/16 (managed AD CIDRs) traffic to our domain. The conditional forwarder are configured correctly on our on-prem DNS and as well as on the managed AD DNS settings. I can ping to the AWS managed AD from our domain and can ping from the ec2 instance, joined to the managed AD, to our domain.

Any help is appreciated!