Create a security group with the following ports enabled:
In a production environment it is recommended to use the HTTPS port instead of the HTTP port.
| Port# | Port Description | Suggestions for Access Restrictions |
|---|---|---|
| Common Ports | ||
| 22 | SSH port. Clients will use this port to ssh into the EC2 instance. | Open to outside access |
| Private PaaS Instance | ||
| 9443 | HTTPS post to access the WSO2 Private PaaS management console. | Open to outside access |
| 9763 | HTTP post to access the WSO2 Private PaaS management console. | Open to outside access |
| 9444 | Management console port to BAM server. | Open to outside access |
| 8291 | GitBlit HTTP port. | Open to outside access |
| 8443 | GitBlit HTTPS port. | Open to outside access |
| 9445 | Identity Server port. | Restricted internal access |
| 8140 | Puppet Master port. | Open to outside access |
| 3306 | MySQL port. | Open to outside access |
| 7611 | Cartridge agents publish statistics to CEP. | Open to outside access |
| 7612 | Carbon products publish logs to BAM. | Open to outside access |
| Carbon Cartridge Instances | ||
| 80, 8280 | Load Balancer HTTP proxy port. | Open to outside access |
| 443, 8243 | Load Balancer HTTPS proxy port. | Open to outside access |
| 9763 and 9443 | Management console access. | Open to outside access |
| 4000 | Hazlecast port for clustering products. | Restricted internal access |