The API Gateway Appliance has its own Linux firewall, however, with a cloud deployment there is an additional AWS security group that restricts access to the system. Therefore, if you add a service that listens on a port other than 8080 to the API Gateway Appliance, you must allow access to the new port through both the API Gateway Appliance firewall, and the AWS security group. Similarly, if you modify the underlying configuration of the appliance to use different ports, you must modify the AWS security group accordingly.
For more information on the default open ports, see Default ports. For more information on opening new ports in the Linux firewall, see Configure the Linux firewall.