All outbound CPM communication goes to port 443 (HTTPS).
For ongoing operations, a production CPM server needs to
access AWS endpoints in order to use AWS APIs.
You can decide to expose only relevant regions.
AWS endpoint information can be found here:
You should keep the EC2, RDS, VPC, KMS, IAM, STS, SNS & Redshift services available.
During the trial and the initial registration of the purchased instance, CPM needs to access our licensing service to get the
license, so you need to keep port 443 open from the CPM instance to the Internet.
After you have purchased a non-BYOL edition and registered your CPM instance, you may delete this rule, leaving only communications to the AWS endpoints.
The BYOL edition requires port 443 to remain open from the CPM instance to the Internet after the purchase.
Troubleshooting CPM Server's connectivity:
To test connectivity outside of the CPM application itself, please
connect to the instance using SSH (username: cpmuser and your assigned
private key) and try this command:
See what it returns: if it fails, the failure is either in resolving the URL or in connecting to it.
If you don't see HTTP response 200 "OK" like in the
screenshot below, there is a problem with either DNS resolution or a
proxy refusing connections.
If CPM has a problem accessing specific endpoints, try using them instead of "aws.amazon.com".

CPM Agent:
CPM Agent needs to be able to connect to the CPM Server over port 443.
To verify that it can do that, you can open CPM's GUI in a browser on the Agent's instance.
If the browser can connect, so can the Agent.
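
For the CPM Server troubleshooting above, the following added example (not part of the original article or of CPM itself) checks each listed AWS service endpoint over port 443 and reports whether a failure is DNS resolution or the connection. The function names and the sample region are assumptions of this example, and the hostnames assume the standard "amazonaws.com" partition.

```shell
#!/usr/bin/env bash
# Added example: per-endpoint outbound 443 check, run from an SSH session
# on the CPM instance. Usage: ./check_endpoints.sh us-east-1

# Services named in the article. VPC API calls use the EC2 endpoint.
SERVICES="ec2 rds kms iam sts sns redshift"

# Build the endpoint hostname for a service in a region.
# IAM is a global service and has one region-less endpoint.
endpoint_for() {
    case "$1" in
        iam) echo "iam.amazonaws.com" ;;
        *)   echo "$1.$2.amazonaws.com" ;;
    esac
}

# Map a curl exit status to the failure class the article distinguishes.
classify_curl_exit() {
    case "$1" in
        0)     echo "OK" ;;
        5)     echo "PROXY_DNS_FAILURE" ;;  # proxy hostname did not resolve
        6)     echo "DNS_FAILURE" ;;        # endpoint hostname did not resolve
        7)     echo "CONNECT_FAILURE" ;;    # TCP connection refused or blocked
        28)    echo "TIMEOUT" ;;            # typically a silently dropped packet
        35|60) echo "TLS_FAILURE" ;;        # handshake or certificate problem
        *)     echo "OTHER($1)" ;;
    esac
}

# HEAD request to one endpoint. Any HTTP status counts as reachable here:
# it proves that DNS, TCP and TLS all worked, which is what the firewall governs.
check_endpoint() {
    host="$1"; rc=0
    curl -sS -o /dev/null -I --connect-timeout 10 --max-time 20 \
        "https://$host/" 2>/dev/null || rc=$?
    printf '%-34s %s\n' "$host" "$(classify_curl_exit "$rc")"
}

check_all() {
    for svc in $SERVICES; do
        check_endpoint "$(endpoint_for "$svc" "$1")"
    done
}

# Only touch the network when a region is given on the command line.
if [ "$#" -gt 0 ]; then check_all "$1"; fi
```

A DNS_FAILURE on every line points at the resolver, while a CONNECT_FAILURE or TIMEOUT on a single service points at a security group, NACL or proxy rule that omits that endpoint.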