Requirements

reference

Working with Firewalls

The following URLs and access types need outgoing permissions in firewalls in order for Hosted Mender to work correctly:

Mender access: Devices, APIs and browser access

Artifact storage access: Devices, APIs and browser access

Permit access to the following URLs:

  • https://s3.amazonaws.com/<my-example-artifact-storage> - Amazon S3 Path-style request
  • https://<my-example-artifact-storage>.s3.amazonaws.com - Amazon S3 Virtual-hosted-style request

Amazon S3 IAM policies

A minimum policy set to use an Amazon S3 bucket to store Mender Artifacts is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetAccessPoint",
                "s3:ListAllMyBuckets"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "s3:*"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::BUCKET-NAME"
        },
        {
            "Action": [
                "s3:*"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::BUCKET-NAME/*"
        },
    ]
}

We welcome contributions to improve this documentation. To submit a change, use the Edit link at the top of the page or email us at .