Port Ranges
Docker-backed services in Simfra allocate host ports from configurable ranges. Each service draws from its own range to avoid conflicts.
All port ranges can be customized via environment variables using the format START-END (e.g. 20000-20099). Set a range to 0 to use random port allocation.
Default Port Allocation
| Service | Env Var | Default Range | Purpose |
|---|---|---|---|
| DNS | SIMFRA_DNS_PORT_RANGE |
10000-10099 |
Route53 DNS server containers (UDP/TCP 53 mapped to host) |
| SMTP | SIMFRA_SMTP_PORT_RANGE |
10100-10199 |
SES SMTP relay containers |
| ELBv2 (ALB/NLB) | SIMFRA_ELBV2_PORT_RANGE |
10200-10299 |
Application and Network Load Balancer listeners |
| API Gateway | SIMFRA_APIGW_PORT_RANGE |
10300-10399 |
API Gateway V1 and V2 HTTP/WebSocket endpoints |
| RDS | SIMFRA_RDS_PORT_RANGE |
10400-10499 |
MySQL, PostgreSQL, and MariaDB database instances |
| RDS Proxy | SIMFRA_RDS_PROXY_PORT_RANGE |
10500-10599 |
RDS Proxy connection pooling endpoints |
| EFS | SIMFRA_EFS_PORT_RANGE |
10600-10699 |
NFS mount target containers |
| Cognito Hosted UI | SIMFRA_COGNITO_AUTH_PORT_RANGE |
10700-10799 |
Cognito user pool hosted UI containers |
| CloudFront | SIMFRA_CLOUDFRONT_PORT_RANGE |
10800-10899 |
CloudFront CDN distribution containers |
| ElastiCache | SIMFRA_ELASTICACHE_PORT_RANGE |
10900-10999 |
Redis, Valkey, and Memcached node containers |
| Redshift | SIMFRA_REDSHIFT_PORT_RANGE |
11000-11099 |
Redshift cluster containers |
| Glue | SIMFRA_GLUE_PORT_RANGE |
11100-11199 |
Glue job execution containers |
| Amazon MQ | SIMFRA_MQ_PORT_RANGE |
11200-11299 |
ActiveMQ and RabbitMQ broker containers |
| MSK (Kafka) | SIMFRA_KAFKA_PORT_RANGE |
11300-11399 |
Kafka broker containers |
| OpenSearch | SIMFRA_OPENSEARCH_PORT_RANGE |
11400-11499 |
OpenSearch domain containers |
| Directory Service | SIMFRA_DS_PORT_RANGE |
11500-11599 |
Active Directory containers |
| DSQL | SIMFRA_DSQL_PORT_RANGE |
11600-11699 |
Aurora DSQL (PostgreSQL-compatible) containers |
| CodeCommit | SIMFRA_CODECOMMIT_PORT_RANGE |
11700-11799 |
Git SSH server containers |
| Port Forwards | SIMFRA_PORT_FORWARD_PORT_RANGE |
11800-11899 |
On-demand port forwards to private containers |
Notes
- Simfra also listens on
SIMFRA_PORT(default4599) for all AWS API traffic. - Each range supports 100 concurrent containers by default. Widen the range if you need more.
- VPC isolation (
SIMFRA_VPC_ISOLATION=true) means private resources do not publish host ports at all - only public-facing resources consume ports from these ranges. - When running Simfra in Docker, ensure the port ranges are published to the host with
-p.