Hi Manoj,
PAM automatically controls any ports at the OS level, but you will need to create your own AWS security group(s) to route the traffic. PAM AMIs are deployed using the same wizard any other AMI is deployed with and you would select or create a security group during that process.
Here is the list of required ports, this should help you decide which ports need to be opened:
IP Address and Port Assignments for Network Connections - CA Privileged Access Manager - 2.8.3 - CA Technologies Documen…
Regards,
Christian Lutz
Support Engineer
CA Technologies - North America