WorkSpaces Manager deploys a Security Group for the EC2 instance in which it configures the requirements for inbound connections.
By default, the EC2 instance is reached through TCP/80 (HTTP) and TCP/3389 (RDP). Both ports are exclusively accessible from the internal segments defined during the deployment of the CloudFormation Template.
Outbound connections: WSM must have access to AWS APIs (all published on TCP/443 HTTPS) and nuvens.info service (TCP/443). In addition, it also requires access to an existing Active Directory (TCP/389 for LDAP or TCP/636 for LDAPS) to handle AD information. As an option, it may need access to an SMTP Relay (25, 587 or 2587, depending on the provider) or to external RestAPIs if there are custom integrations.
For WSUS, WSM uses default ports 8530 or 8531.
Post your comment on this topic.