How to enable JMX on Tomcat running on EC2 (behind a firewall)

Step 1: Copy catalina-jmx-remote.jar into Tomcat’s lib folder. This jar file is available in the extras folder of Tomcat’s binary distribution.

Step 2: Modify Tomcat’s server.xml by adding a new Listener entry.

<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" 
rmiRegistryPortPlatform="9090" rmiServerPortPlatform="9091"/>

Step 3: Open both of these ports in your firewall. Ports 9090 and 9091 and just examples, you can choose to use any port numbers you like.

Step 4: Add the following options to Tomcat startup script. 
-Djava.rmi.server.hostname=public-ip (or public dns)

All done! Restart Tomcat and connect to it using jconsole or visualvm from a remote system.