Install and configure the API Gateway AMI virtual appliance

This topic describes how you can install and configure the Amazon Machine Image (AMI) virtual appliance.

AMI system requirements

The minimum specifications for an AMI appliance are completely dependent on the amount of traffic throughput required. Total throughput increases with the amount of CPU added, therefore at least t2.medium is recommended. Amazon provides a guideline Elastic Compute Unit (ECU) to give a comparable measure between different EC2 instances.

Note   Typically, API Gateway performance is CPU bound, therefore the best use of system resources is to add extra ECU to an instance.

Create and launch an Amazon EC2 instance

The following steps summarize how to set up a running instance of the API Gateway Appliance as an Amazon EC2 image:

  1. Open the Amazon EC2 console (
  2. Click Launch Instance.
  3. Follow the steps in the launch wizard to launch your first instance. For more information, see the following AWS documentation:
Note   You can select the default values for a number of options (for example, instance parameters, sizing, and storage) or you can enter your own preferred values, depending on your particular deployment environment. Some recommendations are provided in AMI system requirements. You should also consider the API Gateway system requirements detailed in System requirements in the API Gateway Installation Guide.
  1. After the instance starts, its state changes to running, and it receives a public DNS name.
  2. To connect to the system, use the public DNS of the instance (for example, For more information, see Connect to AMI over SSH.

Follow these guidelines when using the launch wizard:

  • Enter the Amazon Machine Image (AMI) ID provided to you for the API Gateway Appliance to find the correct AMI configuration.
  • Select your region.
  • Select the appropriate EC2 instance type to configure the hardware (for example, t2.medium). For more details on image sizing, see AMI system requirements.
  • Choose an existing key pair or create a new key pair. A key pair is required to log in to the appliance AMI image.
  • Choose an existing security group or create a new security group and ensure that you create rules to allow access to the following ports:
  • Access requirement TCP port

    Business traffic for API Gateway


    Management traffic for Node Manager


    Management traffic for API Gateway instance


    SSH access


    Web Administration Interface


    API Manager (if enabled)


    API Manager (if enabled) traffic port 8065

    Apache Cassandra (communication between Cassandra nodes)


    Apache Cassandra (communication between Cassandra nodes if SSL is configured) 7001
    Apache Cassandra (API Gateway client connections) 9042
    Apache Cassandra (JMX) 7199
  • For more information on the ports used by API Gateway, see Default ports.
Note   If you add API Gateway instances, or if you want to use different ports for business or management traffic, you must open the ports in the API Gateway Appliance firewall, and in the AWS security group. For more information, see Allow access to ports on AMI.

Connect to AMI over SSH

You can log in to the AMI instance over SSH. Use the following command to SSH to the AMI appliance:


You must specify the fully-qualified path of the .pem file for the key pair that you specified when you launched the instance, the default administrator user name, and the public DNS name of the instance.

For example:

# ssh -i my-key-pair-useast.pem
[admin@ec2-187-73-18-214 ~]$

Connect to the Web Administration Interface on AMI

On the AMI appliance, you must set the administrator user password before you can connect to the Web Administration Interface for the first time.

To set the administrator password, follow these steps:

  1. Log in to the appliance over SSH (see Connect to AMI over SSH).
  2. Enter the following commands at the prompt:
  3. $ sudo -s
    # passwd admin
  4. Enter the new administrator password.

You can now access the Web Administration Interface on:


Use the user name admin and new password you entered above to log in.

Configure API Gateway

To configure API Gateway on the AMI appliance, see Configure API Gateway on the appliance.

Allow access to ports on AMI

The API Gateway Appliance has its own Linux firewall, however, with a cloud deployment there is an additional AWS security group that restricts access to the system. Therefore, if you add a service that listens on a port other than 8080 to the API Gateway Appliance, you must allow access to the new port through both the API Gateway Appliance firewall, and the AWS security group. Similarly, if you modify the underlying configuration of the appliance to use different ports, you must modify the AWS security group accordingly.

For more information on the default open ports, see Default ports. For more information on opening new ports in the Linux firewall, see Configure the Linux firewall.

Related Links