Thanks for the solution. I had no idea what Security Groups were and never checked there. I opened the port there and everything works as expected!
I installed UFW on my server like the book said, but it seems that Security Groups override UFW? Is UFW now useless and should be uninstalled if Security Groups does the same thing?
In the Ubuntu forum, I got this advice:
Let the router perform port translation, so it listens on 53425/tcp and forwards to an internal LAN IP:22/tcp where the ssh server is listening. This provides 2 different ports - 1 for internal use (the default) and one for external use over the internet.
Is this done in Security Groups as well, or would you know how to do this? I noticed in my logs that there were like 100,000+ SSH hack attempts on port 22 in just 2 days on my empty test server (not to mention a huge log file), so I was thinking a non-standard SSH port might help throw these bots off.