Why we do not recommend whitelisting CNAMEs and IP addresses
IP allocations for cloud services are, by design, ephemeral. We recommend whitelisting by domain name rather than by IP address range. Whitelisting by domain name keeps the services available when IP addresses change, without opening the large range of IP addresses that a cloud-based environment would require.

Currently, the Mason platform is hosted out of the us-west-2 region of AWS. The entire list of possible ranges can be found by taking all us-west-2 allocated ranges from this list provided by AWS: https://ip-ranges.amazonaws.com/ip-ranges.json. However, additional regions may be used in the case of a regional fail-over or future regional load balancing. Also, because we depend on third-party services to provide our service, we do not have ultimate control of the IP addresses used by all dependent services. At this time, it is not feasible to provide a list of static IP addresses that will be used.
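The following added example (not Mason's or AWS's own code) shows what a region-pinned IP allowlist built from that file looks like and why it misses a fail-over region. It assumes the published ip-ranges.json layout (`prefixes`, `ipv6_prefixes`, `region`); the sample data is constructed from documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the ip-ranges.json layout; these prefixes are
# documentation ranges, not real AWS allocations.
SAMPLE = json.loads("""
{
  "syncToken": "0",
  "createDate": "1970-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "198.51.100.0/24", "region": "us-west-2", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/25", "region": "us-west-2", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/25", "region": "us-west-2", "service": "S3"},
    {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:100::/48", "region": "us-west-2", "service": "AMAZON"}
  ]
}
""")


def region_networks(doc, region):
    """Return de-duplicated IPv4 and IPv6 networks published for one region."""
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in doc.get("prefixes", []) if p["region"] == region]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", []) if p["region"] == region]
    # Per-service entries overlap the broader AMAZON entries, so collapse
    # each address family separately (collapse_addresses rejects mixed versions).
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))


def ipv4_address_count(networks):
    """Number of IPv4 addresses a firewall would have to open for these networks."""
    return sum(n.num_addresses for n in networks if n.version == 4)


def is_allowed(ip, networks):
    """True if the address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets = region_networks(SAMPLE, "us-west-2")
    print("allowlisted networks:", [str(n) for n in nets])
    print("IPv4 addresses opened:", ipv4_address_count(nets))
    # An address served from another region (fail-over) is not covered.
    print("us-east-1 address allowed:", is_allowed("192.0.2.10", nets))
```

To run it against live data, load the downloaded ip-ranges.json with `json.load` in place of `SAMPLE`.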
| App Name | Domain | Port | Notes |
| --- | --- | --- | --- |
| Mason Platform & API | platform.bymason.com, api.bymason.com, login.bymason.com | 443 | |
| AWS S3 | mason-registry-production.s3.amazonaws.com | 443 | |
| Auth0 | bymason.auth0.com | 443 | |
| Pushy | mqtt.pushy.me | 1883 | Applicable to Mason OS v2.9.0 and lower |
| Pushy | ssl://mqtt-XXX.pushy.io:443, *.pushy.me:443, *.pushy.io:443 | 443 | Applicable to Mason OS v2.10.0 and higher. Reference: https://support.pushy.me/hc/en-us/articles/360043864611-What-firewall-rules-ports-IPs-are-needed-for-devices-to-connect-to-Pushy- |
| Pushy | static-ip-bymason.pushy.me (18.215.116.185) | 80, 443, 8883 | Applicable to Mason OS v2.10.1 (limited to Mason I3399A device). Used for organizations with strict firewall requirements. |
| Firebase/Crashlytics | *.crashlytics.com, e.crashlytics.com, settings.crashlytics.com, reports.crashlytics.com | 443 | |
| Android NTP Server | 2.android.pool.ntp.org | 123 | |