In this post the URLs that Mender client accesses were established to be:
As mentioned in that post, our company has a customer with restrictive network access policies using HTTP proxy servers. They have noted that s3.amazonaws.com resolves to a very large number of IP addresses, which is understandable given AWS S3’s huge footprint. This customer would like to open up the bare minimum of outbound IP address destinations, and they aren’t comfortable with the size of the IP address pool to which that URL resolves.
Are there any plans to switch to using virtual-hosted style URLs to take advantage of subdomains, e.g., hosted-mender.s3.amazonaws.com? It’s possible that approach would vastly reduce the IP address pool and would make our customer less worried. It also appears you may need to put this on your roadmap anyway, because AWS may decide to deprecate path-style URLs in the future.
Follow-up question: are there already undocumented paths that would point to the same S3 bucket, e.g., https://hosted-mender-artifacts.s3.us-east-1.amazonaws.com without any change on your end? I haven’t tested this out, but perhaps your team may already know some tricks that could help me help our end customer without any changes to your existing infrastructure. Thanks!