Cloud servers
The CANedge2 can be used with multiple cloud servers for convenience and easy scalability.
Table of Contents
AWS S3 cloud [recommended]
- Sign up for a free AWS account and login
- Open this link in a new tab[1]
- Specify a bucket name/region[2] and click ‘Create stack’ (wait 2 min)
- Go to ‘Outputs’, copy the values into your Configuration File via the editor and save it
- Load the file in the CANcloud login page and verify that you can access the S3 bucket
- Once verified, click the ‘Delete’ button in the AWS stack view to clean up[3]
Example: CANedge2 AWS S3 server configuration
Below are example Configuration File details for an AWS S3 server:
AWS S3 - user policies
The above process creates an IAM user with full S3 access to the created bucket.
For some use cases, you may want to replace this policy - or add separate users. For this purpose, we provide some example policies below (you should replace your-bucket with your bucket name). Make sure to fully test that the new policy works as expected.
S3-bucket-access: Only allows access to S3 calls for your bucket [DEFAULT]S3-bucket-access-restrictive: As above, but only the S3 calls required by the CANedge2S3-bucket-access-read-only: Read-only access for your bucket [not for use on CANedge2]
Google S3 cloud
Google Cloud Storage supports S3 via ‘Interoperability’:
See also our video of how to set up your Google Cloud bucket and how to set up CORS.
- Sign up for a free account (this requires your card details, but no charges are made)
- Under Storage/Browser select “Create bucket” and select your preferred region
- Go to Settings/Interoperability, Enable Interoperability and “Create a new key”
- To enable CORS, start Google Cloud Shell via the
>_icon in the upper right corner - Enter the following command:
echo '[{"maxAgeSeconds": 3600, "method": ["GET", "OPTIONS", "HEAD", "PUT", "POST"], "origin": ["*"], "responseHeader": ["*"]}]' > cors-config.json
- Next, modify below with your bucket name and run it in the shell:
gsutil cors set cors-config.json gs://[YOUR_OWN_BUCKET_NAME]
You can now configure your CANedge2 and log into CANcloud using the endpoint, http://storage.googleapis.com, your bucket name and the Interoperability storage access keys.
Note
Some S3 API calls are not supported via GCS Interoperability, incl. parts of CANcloud. If you need full support for the API, consider AWS or MinIO
Other S3 clouds
You can also use other S3 cloud servers like Wasabi or DigitalOcean. The concept of setting these up is similar to e.g. AWS and hence not described in detail here. If questions, please contact us.
Azure S3 cloud gateway
Azure does not directly support S3, but you can use MinIO or Flexify as an ‘S3 gateway’ to Azure blob storage[4]. We recommend Flexify over MinIO, as MinIO has deprecated support for Azure.
- To deploy Flexify, see their video introduction and their Azure marketplace page
- To deploy MinIO, see GitLab’s article or MinIO’s article
Note that setting up an S3 gateway for Azure is an advanced topic and requires that you have experience with Azure virtual machine management. While the Azure integration is possible, we strongly recommend to at least start with one of the other cloud options. We are not able to offer technical support on setting up the gateway for Azure
| [1] | The link opens an AWS CloudFormation ‘quick-create’ stack. This is a concept that allows for deploying pre-defined resources within your AWS account. The linked template creates an S3 bucket and a new IAM user with full access to the S3 bucket (but nothing else). The template also adds the CORS policy required for you to access the S3 bucket via CANcloud. If you are not the AWS account owner, you can forward the guide to the relevant persons. If you prefer a more ‘manual’ setup, see our original step-by-step guide. |
| [2] | Selecting a nearby region with low latency is key to ensuring fast data transfer rates. See region codes vs. names here. |
| [3] | Deleting the stack removes the sensitive details from the Outputs tab and ensures that the created resources are controlled independently of the stack. Your resources are not deleted (i.e. your S3 bucket, IAM user and credentials). |
| [4] | Note that Azure + MinIO/Flexify is a higher-latency solution vs. the native S3 cloud servers. |