In a thread on the EC2 forum, Marko describes a situation where an outbound firewall prevents the ability to ssh to port 22, which is the default port on all EC2 instances.
In that thread, Shlomo Swidler proposes creating a user-data script that changes sshd to listen on a port the firewall permits.
Here’s a simple example of a user-data script that does just that. Most outbound firewalls allow traffic to port 80 (web/HTTP), so I use it in this example.
The first step is to create a file containing the user-data script: