AWS GuardDuty reporting an unprotected port on EC2 instance as being probed.

Yorgos Koliopoulos  

AWS GuardDuty sometimes raises a finding similar to the following:

An EC2 instance has an unprotected port which is being probed by a known malicious host.

Port 8000 is used by the Traefik service for internal HTTP connections. This port is not exposed to the public; it is protected by a security group that is attached exclusively to the Network Load Balancer (NLB). The NLB exposes only ports 443 and 80 to the public, while all other ports are restricted by security groups.

Port 8000 cannot be closed, because it serves the HTTP-01 challenge that CertManager uses when requesting certificates.

Neither port 8000 nor port 8443 is publicly exposed, although both may appear "open" to port scanners. Nothing is reachable through these ports: they are protected by security groups and are accessible only to CertManager (via Traefik) and the NLB, both of which sit behind an IP-whitelisted security group.
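The claim above can be verified directly against the security group rules rather than taken from the GuardDuty finding. The script below is an added example, not part of the original note: it walks a security group's ingress rules in the dict shape returned by EC2 DescribeSecurityGroups (IpPermissions entries) and reports, for a given port, which sources can reach it, separating public CIDRs from private CIDRs and from source-security-group references. The three rule sets are constructed to mirror the layout described (an NLB group open on 80/443, an instance group admitting 8000/8443 only from the NLB group, plus a deliberately weak group for contrast); the group id "sg-nlb-placeholder" is a placeholder, not a real id from this environment.

```python
"""Audit which sources may reach a TCP port through a security group's ingress rules.

Added example. Rule dicts follow the IpPermissions shape of EC2
DescribeSecurityGroups; the sample rules below are constructed, not exported
from a live account.
"""
import ipaddress

# RFC 1918 and IPv6 ULA ranges: a source CIDR wholly inside these is not internet-reachable.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
]


def is_public_cidr(cidr):
    """True unless the CIDR lies entirely inside a private range (0.0.0.0/0 and ::/0 are public)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def rule_covers_port(rule, port, protocol="tcp"):
    """True if one IpPermissions entry admits `port` over `protocol` ("-1" means all traffic)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def port_exposure(rules, port, protocol="tcp"):
    """Collect every source that the rules admit for `port`, bucketed by kind."""
    exposure = {"public_cidrs": [], "private_cidrs": [], "source_groups": []}
    for rule in rules:
        if not rule_covers_port(rule, port, protocol):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            bucket = "public_cidrs" if is_public_cidr(cidr) else "private_cidrs"
            exposure[bucket].append(cidr)
        for pair in rule.get("UserIdGroupPairs", []):
            exposure["source_groups"].append(pair["GroupId"])
    return exposure


def is_publicly_reachable(rules, port, protocol="tcp"):
    """True if at least one public CIDR may reach the port."""
    return bool(port_exposure(rules, port, protocol)["public_cidrs"])


# --- constructed sample rule sets mirroring the layout described in the note ---
NLB_SG = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
     "UserIdGroupPairs": []},
]
# Instance group: 8000/8443 only from the NLB's group (placeholder id), nothing from any CIDR.
INSTANCE_SG = [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-nlb-placeholder"}]},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-nlb-placeholder"}]},
]
# Weak group for contrast: the same port left open to the internet.
WEAK_SG = [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]

if __name__ == "__main__":
    for name, rules in [("NLB_SG", NLB_SG), ("INSTANCE_SG", INSTANCE_SG), ("WEAK_SG", WEAK_SG)]:
        for port in (80, 443, 8000, 8443):
            print(name, port, port_exposure(rules, port))
```

The check inspects only security group rules; network ACLs and the NLB's own listeners are separate controls and would need their own review before concluding a port is unreachable.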