EC2 graviton Connection refused on opened port in security group

Hello,

Thank you for posting your question. Aside from your security group, there are a few other items to check:

1. Is there a service actually listening on the OS on port 9800? If you can access it via SSH or other means, I would recommend running commands such as netstat -tulwn | grep 9800 or ss -tulwn | grep 9800 to ensure there is a service listening. In addition, it should be listening for all traffic (0.0.0.0:9800 or *:9800) versus local traffic only (such as 127.0.0.0:9800).
2. Is the nc command being run from your local PC or another instance? In the former case, you will also want to be sure your instance is within a public subnet to be accessed over the public internet and network access control lists for the relevant subnet in your VPC have rules to allow traffic in and out over 9800.
3. Can you confirm that the domain name is pointing to the expected address via a host <domain> or dig <domain> command? Similarly is there any difference when using the IP?
4. Are there any firewall services running on either the client side or server itself such as ufw, firewalld, or services such as iptables?

The following documentation goes over several causes of connection timed out or connection refused errors when it comes to SSH though a similar process can be followed for troubleshooting why you are unable to access ports on your instance as expected [1]. I hope that the above questions are helpful in the troubleshooting process. In the event you have AWS Support enabled for your account, you can always certainly reach out for further assistance troubleshooting through the support console [2]. Have a great rest of your day and thank you again.

[1] Connection Refused - https://repost.aws/knowledge-center/ec2-linux-resolve-ssh-connection-errors

[2] AWS Support Console - https://support.console.aws.amazon.com/support/home