In brief, I'm using a secure endpoint connection (EC2 instance connect) that allows only ports 22 and 3389. Is port 22 safe, considering its common use as a connection port?

Port 22 is the designated port for SSH. You should focus more on who is allowed to connect via that port. Example: 0.0.0.0/0 will allow everyone to exploit that connect, so be mindful on which IP you use. Moreover, use IAM policies and the likes to enforce it: https://aws.amazon.com/blogs/security/use-ec2-instance-connect-to-provide-secure-ssh-access-to-ec2-instances-with-private-ip-addresses/