Cloud servers

The CANedge2 can be used with multiple cloud servers for convenience and scalability.

Table of Contents

• Cloud servers
  • Amazon [recommended]
  • Google
  • Azure
  • Scaleway [EU sovereign cloud]
  • Other clouds

---

Amazon [recommended]

1. Sign up for a free AWS account and login
2. Open this link in a new tab[1]
3. Specify a bucket name[2] and click ‘Create stack’ (wait 2 min)
4. Go to ‘Outputs’, copy the values into your Configuration File via the editor and save it
5. Load the file in the CANcloud login page and verify that you can access the S3 bucket
6. Once verified, click the ‘Delete’ button in the AWS stack view to clean up[3]

Example: CANedge2 AWS S3 server configuration

AWS S3 - user policies

The above process creates an IAM user with full S3 access to the created bucket.

For some use cases, you may want to replace this policy - or add separate users. For this purpose, we provide some example policies below (you should replace your-bucket with your bucket name). Make sure to fully test that the new policy works as expected - the below have been tested on FW 01.07.05.

1. S3-bucket-access: Only allows access to S3 calls for your bucket [DEFAULT]
2. S3-bucket-access-restrictive: As above, but only the S3 calls required by the CANedge2
3. S3-bucket-access-upload-only: As above, but only upload of files (disabling OTA support)
4. S3-bucket-access-read-only: Read-only access for your bucket [not for use on CANedge2]

---

Google

Google Cloud Storage supports S3 via ‘Interoperability’:

1. Sign up for a free account (this requires your card details, but no charges are made)
2. Go to ‘Cloud Storage/Create’ and specify a bucket name
3. Select a nearby single region (do not use multi/dual regions)
4. Go to ‘Settings/Interoperability’ to get your endpoint/keys
5. To use CANcloud, start Google Cloud Shell via the >_ icon in the upper right corner (video)
6. Enter the following command:

echo '[{"maxAgeSeconds": 3600, "method": ["GET", "OPTIONS", "HEAD", "PUT", "POST", "DELETE"],
"origin": ["*"], "responseHeader": ["*"]}]' > cors-config.json

7. Run this in the shell with your bucket name: gsutil cors set cors-config.json gs://your_bucket
8. Copy the S3 details into your Configuration File via the editor and save it
9. Load the file in the CANcloud login page and verify that you can access the S3 bucket

Example: CANedge2 Google Cloud S3 server configuration

---

Azure

Azure does not support S3 natively - but you can add a Flexify S3 gateway for your Blob Storage container in 1 min. It is easy, secure and practically free[5].

Below we assume that you already have an Azure Blob Storage container:

1. Sign up for a free Flexify account and login (no credit card required)
2. Click the ‘…’ next to your Azure Blob Storage container to create a SAS token[6]
3. In Flexify, go to ‘Data/Add storage account’, select Azure and add your token and container[4]
4. Next, go to ‘Endpoints/New endpoint’ and attach your storage account
5. Use the http://s3.flexify.io endpoint for initial testing
6. Copy the S3 details into your Configuration File via the editor and save it
7. Load the file in the CANcloud login page and verify that you can access the S3 bucket

Example: CANedge2 Azure-Flexify Cloud S3 server configuration

Note

Once you’ve verified the initial connection, select the endpoint with the most nearby region[7]. Note that for the regional Flexify endpoints, you must enable TLS to connect

Note

You can also self-host Flexify in your Azure account via this guide [advanced][8]

---

Scaleway [EU sovereign cloud]

If you prefer to use a 100% EU sovereign cloud, we recommend Scaleway[10]:

1. Sign up for an account
2. Click ‘Create/Object Storage Bucket’ in the top menu
3. Select a region and bucket name (use defaults for the rest) and click ‘Create bucket’
4. Click your account icon and select ‘API Keys’
5. Click ‘Policies/Create policy’ with name s3-access
6. In ‘Access to resources’ select default and click ‘Validate’
7. Select ‘Storage/ObjectStorageFullAccess’ and click ‘Validate’ and ‘Create policy’
8. In the IAM overview click ‘Applications/Create application’ with name canedge
9. Attach the s3-access policy and click ‘Create application’
10. In the IAM overview click ‘API keys/Generate an API key’
11. Select the canedge application, select ‘Yes, …’, click ‘Generate API key’ and store the details
12. Copy the S3 details into your Configuration File via the editor and save it

Example: CANedge2 Scaleway S3 server configuration

Update bucket CORS to use CANcloud (optional)

1. Download S3 Browser and add your Scaleway account as an ‘S3 Compatible Storage’
2. Select your account, right-click your bucket and select ‘CORS Configuration’
3. Copy/paste this CORS XML and click ‘Save changes’
4. Verify that you can now login to your S3 bucket via CANcloud

Restrict bucket access (optional)

If you set up multiple buckets, you can follow below steps to manage bucket access:

1. In ‘Storage/Object Storage’ click the ‘…’ next to your bucket and ‘Create bucket policy’
2. Add the name bucket-policy and select ‘JSON editor’
3. Download this bucket policy and update the bucket name, application ID and user ID[9]

---

Other clouds

You can also use other S3 clouds like Wasabi or DigitalOcean. Setting these up is similar to e.g. AWS and hence not described in detail here. Note that if you aim to setup e.g. automated data processing, data lakes or dashboards, we recommend using Amazon S3[10].

---

[1]

The link opens an AWS CloudFormation ‘quick-create’ stack. This is a concept that allows for deploying pre-defined resources within your AWS account. The linked template creates an S3 bucket and a new IAM user with full access to the S3 bucket (but nothing else). The template also adds the CORS policy required for you to access the S3 bucket via CANcloud. If you are not the AWS account owner, you can forward the guide to the relevant persons. If you prefer a more ‘manual’ setup, see our original step-by-step guide. For regions in China, use this URL to create your S3 bucket.

[2]

The bucket will be created in the region that is currently active in your AWS console, which will generally be recommended if your deployment is near your own location. You can optionally change the region by changing this in the AWS console upper right corner. Selecting a region near your device deployment is key to ensuring fast data transfer rates.

[3]

Deleting the stack removes the sensitive details from the Outputs tab and ensures that the created resources are controlled independently of the stack. Your resources are not deleted (i.e. your S3 bucket, IAM user and credentials). We recommend double checking that you can still log in to your S3 bucket after the stack is deleted.

[4]	Flexify may give a warning regarding invalid credentials when you attach the storage account, but this can be ignored

[5]	Flexify charges an insignificant 0.04$/GB uploaded/downloaded (zero fixed fees). Your account will start with 20$ free credits (~500 GB data) without the need for adding a credit card up front. You can add more credits as you progress.

[6]	Enable all access rights and ensure the token has a sufficient life time for your project

[7]	If you are e.g. in EU and only have US based Flexify endpoints available, consider creating an Azure Blob Storage container in a US region as well to minimize the total latency for the CANedge

[8]

If possible, we recommend using the Flexify service option as it is easy to set up. However, if you strictly need to self-host Flexify you can follow the guide. Note, however, that this setup is much more advanced and that we cannot support on e.g. enabling TLS on self-hosted Flexify gateways. If you use the self-hosted setup, ensure you select ‘path-style’ in the CANedge S3 configuration

[9]	To find the Scaleway user/app IDs click your account icon and select ‘IAM’. Select your user and click ‘Copy ID’ to get the <user_id>. Next, navigate to your application and copy the ID as your <app_id>

[10]

(1, 2) We enable plug & play automation work flows for the top 3 clouds (Amazon, Google Cloud, Azure) with particular support for Amazon. This is useful if your use case requires automated data processing, the creation of data lakes and/or dashboard visualization. Here we strongly recommend to use Amazon S3, though Google Cloud and Azure can also be used. However, using other clouds are not recommended in this case as you will need to setup any automation from scratch on your own.