security - How to secure Amazon EC2 with Tomcat7 and mySQL
I'm new to EC2. I have Tomcat 7 and MySQL installed. The security group I have set up is:
Custom TCP rule, TCP 8080
SSH, TCP 22
MySQL, TCP 3306
for outbound traffic.
I got a report from Amazon that said the below:
Instance ID: i-1e42db06 AWS ID: 772517067349 Reported activity: DoS
What should I do to stop it?
And I got the bill below: $0.090 per GB - first 10 TB / month data transfer out beyond the global free tier, 637.521 GB
Please advise me on the steps to protect my instance in EC2.
Updated: the email from Amazon: We've received report(s) that your EC2 instance(s)
AWS ID: 772517067349
Instance ID: i-1e42db06 IP address: 172.31.25.202
has been implicated in activity that resembles a denial of service attack against remote hosts; please review the information provided below about the activity.
Please take action to stop the reported activity, and reply directly to this email with details of the corrective actions you have taken. If you do not consider the activity described in these reports to be abusive, please reply to this email with details of your use case.
If you're unaware of this activity, it's possible that your environment has been compromised by an external attacker, or a vulnerability is allowing your machine to be used in a way that was not intended.
Check the instance monitoring panel in EC2 to see the traffic, and check the logs on the server to see what kind of traffic it is.
MySQL has had a 0-day exploit it was vulnerable to, and SSH has had quite a few critical bugs lately; it's not only the firewall settings you need to take into account here, you need to secure the services behind the ports too.
Besides this, if the web application deployed in Tomcat contains a vulnerability, you are open to all sorts of attacks, many of which are reflected in an increase of traffic. Tomcat itself, of course, must be up to date and secured.
There are too many things that could be happening to enumerate, but if "transfer out" as it's worded in the question refers to outbound traffic, you have been compromised, and you have a server that is part of a botnet. It's not clear from the above if they are reporting that you are suffering a DoS or trying to DoS.
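Added example, not part of the original question or answer: a check of the security group for the ports listed in the question, flagging SSH and MySQL rules reachable from any address and unrestricted egress. The JSON follows the shape of `aws ec2 describe-security-groups` output; the group ID `sg-EXAMPLE` and all source ranges are constructed, since the question does not say which sources its rules allow.

```python
import json

# Ports from the question that should not be reachable from everywhere.
ADMIN_PORTS = {22: "ssh", 3306: "mysql"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample; group ID and CIDR ranges are assumptions, not from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]
}]}
""")

def sources(rule):
    # Collect IPv4 and IPv6 source (or destination) ranges of one rule.
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    return cidrs + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]

def covers(rule, port):
    # Protocol "-1" means all protocols and ports; otherwise match a TCP port range.
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(doc):
    # Return (group, direction, service, port) for each risky rule found.
    findings = []
    for sg in doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not ANYWHERE & set(sources(rule)):
                continue
            for port, name in sorted(ADMIN_PORTS.items()):
                if covers(rule, port):
                    findings.append((sg["GroupId"], "ingress", name, port))
        for rule in sg.get("IpPermissionsEgress", []):
            if rule.get("IpProtocol") == "-1" and ANYWHERE & set(sources(rule)):
                findings.append((sg["GroupId"], "egress", "all", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The Tomcat rule on 8080 is not flagged because a public web port is expected to be open; the egress finding matters here because the reported activity was outbound.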