By default, WinRM uses port 5986 for a HTTPS listener. Add a new firewall rule to allow inbound connections on the 5986 port.
netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986
If you work with an Azure VM, add a new endpoint for 5986 port on the VM settings page. If you work with an AWS EC2 instance, add a new rule to its security group.