It doesn't matter that the function is configured to run in the same VPC as the EC2 instance and use the same security group. Lambda functions aren't sitting there running 100% of the time and listening for incoming requests. When you invoke a Lambda function, you connect to the public AWS Lambda service API to request that the AWS Lambda service create a new invocation of your Lambda function for you. That is why the error message is saying that it is trying to connect to lambda.us-east-1.amazonaws.com, which is obviously not an address that exists inside your VPC.
It sounds like your EC2 instance has Internet access already, since opening up the outbound rules in the security group appears to solve the issue. You will have to leave all outbound traffic open in the EC2 instance's security group in order to allow it to connect to the Internet, so that it can communicate with the AWS Lambda service and trigger new invocations of the Lambda function.
Alternatively, you could add an AWS Lambda Interface VPC Endpoint to your VPC, which would allow your EC2 instance to connect to the AWS Lambda service as if it existed inside the VPC. Then you would only need to open up the EC2 instance's security group to allow it to connect to the VPC Endpoint's Security group.
I highly recommend using different security groups for different resource types (EC2, Lambda, Endpoints, etc.) since each one has different inbound and outbound network requirements, and the only way to properly secure them all is to have different security groups with different rules for each one.
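One way to wire up the endpoint approach with separate security groups, as an added Terraform example that is not part of the answer above; `vpc_id` and `subnet_ids` are placeholder variables you supply, and the region is fixed to us-east-1 to match the error message:

```hcl
# Added example (not from the original answer): Lambda interface endpoint
# with one security group per resource type. vpc_id / subnet_ids are
# placeholders you must supply; region is us-east-1 as in the error message.
variable "vpc_id"     { type = string }
variable "subnet_ids" { type = list(string) }

# Security group for the EC2 instance. Terraform strips the default
# allow-all egress rule, so egress is only what is granted below.
resource "aws_security_group" "ec2" {
  name   = "ec2-invoker"
  vpc_id = var.vpc_id
}

# Security group for the endpoint ENIs: accept HTTPS only from the EC2 SG.
resource "aws_security_group" "lambda_endpoint" {
  name   = "lambda-vpce"
  vpc_id = var.vpc_id
}

# EC2 may reach the endpoint SG on 443 and nothing else.
resource "aws_security_group_rule" "ec2_to_endpoint" {
  type                     = "egress"
  security_group_id        = aws_security_group.ec2.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.lambda_endpoint.id
}

resource "aws_security_group_rule" "endpoint_from_ec2" {
  type                     = "ingress"
  security_group_id        = aws_security_group.lambda_endpoint.id
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.ec2.id
}

# Interface endpoint for the Lambda service API. private_dns_enabled makes
# lambda.us-east-1.amazonaws.com resolve to the endpoint's private IPs, so
# the SDK on the instance needs no configuration change.
resource "aws_vpc_endpoint" "lambda" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.us-east-1.lambda"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.subnet_ids
  security_group_ids  = [aws_security_group.lambda_endpoint.id]
  private_dns_enabled = true
}
```

Private DNS on the endpoint only works if the VPC has DNS support and DNS hostnames enabled; the instance's IAM role still needs `lambda:InvokeFunction`, since the endpoint changes the network path, not the authorization.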