
AWS EC2

This guide focuses on configuring AWS Security Groups (firewall rules) for Actvt remote monitoring on Amazon EC2 instances.

Prerequisites

  • AWS account with EC2 access
  • EC2 instance running Ubuntu 20.04+ or similar Linux distribution
  • Basic familiarity with AWS Console or CLI

For required ports, see Prerequisites.

Security Group Configuration

Method 1: Using AWS Console

  1. Navigate to Security Groups

    • Go to AWS Console
    • Navigate to EC2 service → Security Groups
    • Find your instance's security group
    • Click "Edit inbound rules"
  2. Add Required Rules

    SSH Rule:

    Type: SSH
    Protocol: TCP
    Port: 22
    Source: Your IP address (recommended) or 0.0.0.0/0
    Description: SSH access for management

    HTTP Rule:

    Type: HTTP
    Protocol: TCP
    Port: 80
    Source: 0.0.0.0/0
    Description: Let's Encrypt certificate verification

    WebSocket Rule:

    Type: Custom TCP
    Protocol: TCP
    Port: 4096
    Source: 0.0.0.0/0 (or restrict to your IP range for security)
    Description: Actvt WebSocket server
  3. Save Rules

    • Click "Save rules"
    • Verify all three rules appear in the inbound rules list

Method 2: Using AWS CLI

First, get your Security Group ID:

# Find your instance's security group
aws ec2 describe-instances --instance-ids YOUR_INSTANCE_ID \
--query 'Reservations[0].Instances[0].SecurityGroups[0].GroupId' \
--output text

Then add the required rules:

# Set your security group ID
SECURITY_GROUP_ID="sg-your-security-group-id"

# Add SSH rule (replace YOUR_IP with your actual IP for security)
aws ec2 authorize-security-group-ingress \
--group-id $SECURITY_GROUP_ID \
--protocol tcp \
--port 22 \
--cidr YOUR_IP/32

# Add HTTP rule for Let's Encrypt
aws ec2 authorize-security-group-ingress \
--group-id $SECURITY_GROUP_ID \
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0

# Add WebSocket rule for Actvt
aws ec2 authorize-security-group-ingress \
--group-id $SECURITY_GROUP_ID \
--protocol tcp \
--port 4096 \
--cidr 0.0.0.0/0

Verify Configuration

Check that your rules are properly configured:

# List inbound rules for your security group
aws ec2 describe-security-groups --group-ids $SECURITY_GROUP_ID \
--query 'SecurityGroups[0].IpPermissions'

# Test connectivity (from your local machine)
telnet YOUR_INSTANCE_IP 4096
nc -zv YOUR_INSTANCE_IP 4096

Additional Security Considerations

Restrict WebSocket Access

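For production environments, consider restricting port 4096 to specific IP addresses. Security group rules are additive: a narrower rule does not override a broader one. If the 0.0.0.0/0 rule for port 4096 from the steps above is already in place, remove it as well (in the console, or with the CLI's revoke-security-group-ingress subcommand); otherwise the port stays open to everyone.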

# Allow WebSocket access only from your office/home IP
aws ec2 authorize-security-group-ingress \
--group-id $SECURITY_GROUP_ID \
--protocol tcp \
--port 4096 \
--cidr YOUR_OFFICE_IP/32
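
An added example, not part of the Actvt documentation: a Python check over the JSON printed by the describe-security-groups command under Verify Configuration. It reports any of this guide's ports other than 80 that is still reachable from 0.0.0.0/0 or ::/0, and goes slightly beyond the guide by also covering IPv6 and all-traffic rules. The sample rules and the 203.0.113.10 address are constructed, and the names audit_ingress, world_open, GUIDE_PORTS and PUBLIC_OK are hypothetical.

```python
import ipaddress
import json

# Constructed sample of the IpPermissions output after the CLI steps above,
# with 203.0.113.10 standing in for YOUR_IP / YOUR_OFFICE_IP. Port 4096 has
# both the original 0.0.0.0/0 rule and the later /32 rule.
SAMPLE_PERMISSIONS = json.loads("""
[
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 4096, "ToPort": 4096,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.10/32"}],
   "Ipv6Ranges": []}
]
""")

GUIDE_PORTS = (22, 80, 4096)  # ports this guide opens (hypothetical name)
PUBLIC_OK = {80}              # assumption: only Let's Encrypt needs world access


def world_open(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(permissions, public_ok=PUBLIC_OK):
    """Return sorted (port, cidr) pairs where a guide port outside
    public_ok is reachable from the whole internet."""
    findings = set()
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # IpProtocol "-1" means all traffic and carries no port range.
        lo = 0 if proto == "-1" else perm.get("FromPort", 0)
        hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in filter(world_open, cidrs):
            for port in GUIDE_PORTS:
                if lo <= port <= hi and port not in public_ok:
                    findings.add((port, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for port, cidr in audit_ingress(SAMPLE_PERMISSIONS):
        print(f"port {port} is open to {cidr}: revoke or narrow this rule")
```

On the sample, the only finding is port 4096 from 0.0.0.0/0: the /32 rule sits beside the open rule without closing it.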

VPC Considerations

If using a custom VPC, ensure:

  • Your instance is in a public subnet (for internet access)
  • Internet Gateway is attached to the VPC
  • Route table allows outbound internet access

For troubleshooting connectivity, see the Troubleshooting Guide.