By default, WinRM uses port 5986 for HTTPS listener. Add a new firewall rule to allow inbound connections on 5986 port.
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986
If you work with Azure VM, add a new endpoint for 5986 port on the VM settings page. If you work with AWS EC2 instance, add a new rule to its security group.