The ports used by Tentacle in this scenario are indeed the same as for on-premesis Octopus, so by default that is
10933 for Listening, and
80/443 + 10943 for Polling. What I was referring to with my access remark is that with AWS there is also intermediary firewall(s) that will also need to be configured, I’ve extracted some information from our Tentacle documentation below:
Intermediary Firewalls Don't forget to allow access not just in Windows Firewall, but also any intermediary firewalls between the Tentacle and your Octopus Server. For example, if your Octopus Server is hosted in Amazon EC2, you'll also need to modify the AWS security group firewall to tell EC2 to allow the traffic. Similarly if your Octopus Server is hosted in Microsoft Azure you'll also need to add an Endpoint to tell Azure to allow the traffic.
I hope that helps answer your question, if there is anything else you need please let me know!