Cloud servers

The CANedge2 can be used with multiple cloud servers for convenience and easy scalability.

Table of Contents

• Cloud servers
  • AWS S3 cloud [recommended]
  • Google S3 cloud
  • Other S3 clouds
  • Azure S3 cloud gateway

---

AWS S3 cloud [recommended]

1. Sign up for a free account
2. Log in and go to ‘Services/S3/Buckets’
3. Click ‘Create bucket’, add a name and select a region[1]
4. In your bucket go to ‘Permissions/CORS’ and paste this JSON
5. Go to ‘Services/IAM/Users’, click ‘Add users’, add a name and click ‘Next’
6. Select ‘Attach policies directly’, choose ‘AdministratorAccess’, then ‘Next’ and ‘Create user’[2]
7. In the user, go to ‘Security credentials/Create access key’, select ‘Other’ then ‘Next’
8. Save your AccessKey, SecretKey
9. Also note your region (e.g. us-east-1) and endpoint (http://s3.[region].amazonaws.com)

You can now configure your device and log into CANcloud using your details.

Note

When configuring your device for AWS S3, set the request style to Virtual hosted style. Also, make sure to use http:// in your endpoint and set the port to 80

Example: CANedge2 AWS S3 server configuration

Below are example Configuration File details for an AWS S3 server (editor view and JSON):

"server": {
    "endpoint": "http://s3.us-east-1.amazonaws.com",
    "port": 80,
    "bucket": "amazon-bucket-name",
    "region": "us-east-1",
    "request_style": 1,
    "accesskey": "AKIA32WGRU62PNIX2L7T",
    "keyformat": 0,
    "secretkey": "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"
  }

AWS S3 - alternative user policies

Once you’ve tested the above, you can switch to a stricter user policy for security.

To do so, create a new IAM user and add the relevant JSON policy from below (modifying your-bucket to match your bucket). Make sure to fully test that the new policy works as expected.

1. S3-bucket-access: Only allows access to S3 calls for your bucket [recommended]
2. S3-bucket-access-restrictive: As above, but only the S3 calls required by the CANedge2
3. S3-bucket-access-read-only: Read-only access for your bucket [not for use on CANedge2]

---

Google S3 cloud

Google Cloud Storage supports S3 via ‘Interoperability’:

See also our video of how to set up your Google Cloud bucket and how to set up CORS.

1. Sign up for a free account (this requires your card details, but no charges are made)
2. Under Storage/Browser select “Create bucket” and select your preferred region
3. Go to Settings/Interoperability, Enable Interoperability and “Create a new key”
4. To enable CORS, start Google Cloud Shell via the >_ icon in the upper right corner
5. Enter the following command:

echo '[{"maxAgeSeconds": 3600, "method": ["GET", "OPTIONS", "HEAD", "PUT", "POST"],
"origin": ["*"], "responseHeader": ["*"]}]' > cors-config.json

6. Next, modify below with your bucket name and run it in the shell: gsutil cors set cors-config.json gs://[YOUR_OWN_BUCKET_NAME]

You can now configure your CANedge2 and log into CANcloud using the endpoint, http://storage.googleapis.com, your bucket name and the Interoperability storage access keys.

Note

Some S3 API calls are not supported via GCS Interoperability, incl. parts of CANcloud. If you need full support for the API, consider AWS or MinIO

---

Other S3 clouds

You can also use other S3 cloud servers like Wasabi or DigitalOcean. The concept of setting these up is similar to e.g. AWS and hence not described in detail here. If questions, please contact us.

---

Azure S3 cloud gateway

Azure does not directly support S3, but you can use MinIO or Flexify as an ‘S3 gateway’ to Azure blob storage[3]. We recommend Flexify over MinIO, as MinIO has deprecated support for Azure.

• To deploy Flexify, see their video introduction and their Azure marketplace page
• To deploy MinIO, see GitLab’s article or MinIO’s article

Note that setting up an S3 gateway for Azure is an advanced topic and requires that you have experience with Azure virtual machine management. While the Azure integration is possible, we strongly recommend to at least start with one of the other cloud options. We are not able to offer technical support on setting up the gateway for Azure

---

[1]	Selecting a nearby region with low latency is key to ensuring fast data transfer rates.

[2]	The ‘AdministratorAccess’ credentials can be useful later for e.g. setting up AWS automation in a simple way. However, if you prefer you can alternatively start out with ‘AmazonS3FullAccess’ to limit the scope of access for security purposes

[3]	Note that Azure + MinIO is a higher-latency solution vs. the native S3 cloud servers. If your use case requires fast WiFi data transfer (e.g. for periodic uploads), consider one of the other server options.