Before launching your AMI, please see the section on Ports and Security Groups.

To make administrative changes to your cloud-hosted Sync Gateway, please SSH into your EC2 instance as 'ec2-user' and launch the /opt/couchbase-sync-gateway/bin/sync_gateway command-line tool. From there, you can change or add configuration options to your Sync Gateway, such as: the location of the Couchbase Server cluster it speaks to, the name of the bucket it will push data to, and so forth.

By default, the Sync Gateway speaks to a built-in limited server called 'walrus', and creates and uses a bucket called 'sync_gateway'. You can change this as follows:

./sync_gateway -url [HTTP_URL_of_you_Couchbase_Server] -bucket [new_name]

For additional options, check your Sync Gateway README.txt or go to: http://developer.couchbase.com/mobile/develop/guides/sync-gateway/administering-sync-gateway/command-line-tool/index.html

To SSH onto your EC2 instance, you can use:  ssh -i your-ssh-key.pem ec2-user@HOST

Ports and Security Groups: If you are creating your own Security Group, the following TCP ports and port ranges MUST be opened for inbound connections from your web application servers and other Couchbase server nodes (for clustering), via Source CIDR / IP filtering or Security Group filtering.  That is, these ports should not be opened for general internet access.  * 4369, * 5984, * 8091, * 11210, * 11211, * port range: 21100 to 21299, and *4984, but should be opened for web application server and peer-Couchbase access.

The most straightforward way to address the issues of opening ports, but not opening them fully for general client access is to use Security Group filtering.  After creating a new Security Group, such as one named 'couchbase-security-group', you would register or list that Security Group within itself.  For example, you would list the 'couchbase-security-group' within itself so that any EC2 instance in the 'couchbase-security-group' can connect to any other EC2 instance in the 'couchbase-security-group'.  You can also add your web application server Security Group to your 'couchbase-security-group' in similar fashion so that your web application server client processes can connect to the Couchbase server processes.