Microsoft Windows Firewall is enabled and configured when you build a deployment using ArcGIS Enterprise on Amazon Web Services deployment tools. All ports that are necessary for ArcGIS Enterprise components to run are open to inbound connections.
Outbound connections are allowed by default in the Windows Firewall on the Amazon Elastic Compute Cloud (EC2) instances you create using ArcGIS Enterprise on Amazon Web Services deployment tools.
See the ArcGIS Enterprise system requirements for links to component pages and a diagram of ports in an ArcGIS Enterprise deployment if you did not use ArcGIS Enterprise on Amazon Web Services deployment tools to create your deployment and you need to open ports.
Windows Firewall and Amazon EC2 security groups
Amazon EC2 security groups provide protection against unsolicited incoming traffic. If you need additional security, you can configure the Windows Firewall on the Windows EC2 instances.
To completely open a port to inbound traffic, the port must be allowed by both the Amazon security group and Windows Firewall.