It looks to me that your router is advertising "localhost". That's a configuration issue and would prevent any client not on that same computer from connecting. You need to fix your router's advertised address.
I added ziti ops verify network a while back but they haven't been used much lately but it might help here.
Run them on your controller and router. For example I made a "bad" configuration and tried it:
ziti ops verify network --controller-config-file ip-172-31-47-200.yaml.bad
INFO Verifying controller config: ip-172-31-47-200.yaml.bad
ERROR controller advertise address at localhoost:8440 cannot be reached.
INFO verifying 2 web entries
INFO verifying 1 web bindPoints
INFO web entry[client-management], bindPoint[0] address at ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8441 is available.
INFO web entry[client-management], bindPoint[0] is valid
INFO verifying 2 web bindPoints
panic: input is invalid:
and
ziti ops verify network --router-config-file ip-172-31-47-200-edge-router.yaml.bad
INFO Verifying router config: ip-172-31-47-200-edge-router.yaml.bad
INFO ctrl endpoint at ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8440 is available.
INFO verifying 2 web link listeners
INFO link listener[0] at ec2-3-18-113-172.us-east-2.compute.amazonaws.com:10080 is available.
INFO link listener[0] is valid
INFO link listener[1] at ec2-3-18-113-172.us-east-2.compute.amazonaws.com:20080 is available.
INFO link listener[1] is valid
INFO verifying 2 web edge listeners
WARNING listener binding[0] ports differ. make sure this is intentionalog. address port: 8442, advertise port: 1234
ERROR listener binding[0] at locallhost:1234 cannot be reached.
INFO listener binding[1] has binding tunnel and doesn't need to be verified
INFO listener binding[1] is valid
ERROR One or more error. Review the output above for errors.
see if anything in there helps. i expect one or both will have errors...
However you started your overlay, I would just reinstall it all with a proper advertised address as it's just easier at this point to start over (in my opinion) and get the advertised addresses right.