Your security groups only allow RDP and SSH access, on ports 3389 and 22 (plus ICMP ping). When you attempt to connect to the database you're using port 1521, as your tnsnames.ora
dictates:
(HOST = ec2-xx-xxx-xxx-xx.us-west-2.compute.amazonaws.com)(PORT = 1521))
So you need to add an inbound firewall rule to allow traffic on TCP port 1521 through to your EC2 instance, in addition to the existing ones for 3389 and 22. I have no idea if SQL*Net will be listed in the 'type' drop down, so you might need to select 'All TCP'.
You might also want to make it more restrictive though - limiting the 'source' to your PC's IP address perhaps if this is private, or your company's outgoing Ip if not; if you have a static public IP from your ISP.