Cloud Communications
Agents are designed to communicate with the BOB cloud via MQTT (Message Queuing Telemetry Transport) over TLS using ALPN (Application Layer Protocol Negotiation) and HTTPS. This means that the Agent communicates with the internet on TCP Port 443 only (unless NTP is unavailable on the local network, in which case the Agent will need to communicate on UDP Port 123).
For System Administrators setting up an Agent on their network, it is important to understand that the firewall does not need to allow external devices to connect to the Agent. The firewall only needs to allow the Agent to make an outbound connection to the BOB cloud on TCP Port 443 (and UDP Port 123 if external NTP is required).
Below are the URLs that the Agent will need to communicate with externally:
AWS IoT Group Management
greengrass.us-east-1.amazonaws.com | TCP Port 443
AWS IoT Device Management
a2h2778cvs6c7x-ats.iot.us-east-1.amazonaws.com | TCP Port 443
a2h2778cvs6c7x.iot.us-east-1.amazonaws.com | TCP Port 443
*.compute-1.amazonaws.com | TCP Port 443
AWS IoT Device Discovery
greengrass-ats.iot.us-east-1.amazonaws.com | TCP Port 443
greengrass.iot.us-east-1.amazonaws.com | TCP Port 443
AWS IoT Device Data
*.s3.amazonaws.com | TCP Port 443
AWS IoT Device Logs
logs.us-east-1.amazonaws.com | TCP Port 443
Mender Update Server
https://hosted.mender.io | TCP Port 443
Time Synchronization (Optional)
pool.ntp.org | UDP Port 123
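An added example, not part of the original documentation or any BOB tooling: a small audit that checks an Agent's outbound flows against the endpoint list above and flags anything outside it. The log format (`OUT <proto> <host> <port>`), the sample lines, and the function names `is_allowed` and `audit` are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Allowlist copied from the endpoint list on this page: (host pattern, protocol, port).
ALLOWLIST = [
    ("greengrass.us-east-1.amazonaws.com", "tcp", 443),
    ("a2h2778cvs6c7x-ats.iot.us-east-1.amazonaws.com", "tcp", 443),
    ("a2h2778cvs6c7x.iot.us-east-1.amazonaws.com", "tcp", 443),
    ("*.compute-1.amazonaws.com", "tcp", 443),
    ("greengrass-ats.iot.us-east-1.amazonaws.com", "tcp", 443),
    ("greengrass.iot.us-east-1.amazonaws.com", "tcp", 443),
    ("*.s3.amazonaws.com", "tcp", 443),
    ("logs.us-east-1.amazonaws.com", "tcp", 443),
    ("hosted.mender.io", "tcp", 443),
    ("pool.ntp.org", "udp", 123),  # optional: only when no local NTP exists
]

def is_allowed(host, proto, port):
    """True if (host, proto, port) matches a documented Agent endpoint."""
    host = host.strip().rstrip(".").lower()  # normalise case and FQDN trailing dot
    return any(
        proto.lower() == p and port == n and fnmatchcase(host, pattern)
        for pattern, p, n in ALLOWLIST
    )

def audit(lines):
    """Return (line_number, line) for each outbound flow that is off the allowlist."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) != 4 or fields[0] != "OUT":
            continue  # skip blank, malformed, or non-outbound records
        _, proto, host, port = fields
        if not port.isdigit() or not is_allowed(host, proto, int(port)):
            findings.append((number, line))
    return findings

# Constructed sample egress log (hypothetical format); not real traffic.
SAMPLE_LOG = """\
OUT tcp a2h2778cvs6c7x-ats.iot.us-east-1.amazonaws.com 443
OUT tcp ec2-203-0-113-10.compute-1.amazonaws.com 443
OUT tcp Example-Bucket.S3.amazonaws.com. 443
OUT udp pool.ntp.org 123
OUT tcp a2h2778cvs6c7x-ats.iot.us-east-1.amazonaws.com 8883
OUT tcp s3.amazonaws.com.example.net 443
OUT tcp pool.ntp.org 123
""".splitlines()

if __name__ == "__main__":
    for number, line in audit(SAMPLE_LOG):
        print(f"line {number} not on allowlist: {line}")
```

The wildcard entries match whole hostnames only, so a look-alike such as `s3.amazonaws.com.example.net` is flagged, as is a documented host contacted on a port other than the one listed.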