Apart from what you have already, you need these:
setup an ELB that forwards 80 (HTTP) to 3000 (HTTP) security group that accepts traffic inbound on port 80 from 0.0.0.0/0
You also need to have outbound access on port 3000 from ELB to your private subnet where the EC2 instances are running.
This is not working. If on the EC2 instance I allow port 3000 from 0.0.0.0/0 it works.
This makes me believe that your EC2 instances are running in the Public Subnet of your VPC. It should be running in side a private subnet of VPC.
Besides, Make sure that your ELB is running in the Public Subnet of your VPC.