

Amazon Monitron is no longer open to new customers. Existing customers can continue to use the service as normal. For capabilities similar to Amazon Monitron, see our [blog post](https://aws.amazon.com/blogs/machine-learning/maintain-access-and-consider-alternatives-for-amazon-monitron).

# Understanding networking with Amazon Monitron
<a name="networking-chapter"></a>

As you plan your local network, and make decisions about how that network includes Amazon Monitron, it may be helpful to understand how each component relates to the others.

**Topics**
+ [Networking with your mobile device](network-mobile.md)
+ [Securing your network](network-secure.md)

# Networking with your mobile device
<a name="network-mobile"></a>

From a networking perspective, the process of provisioning sensors or gateways goes like this.

**Topics**
+ [Setting up your Monitron network foundation with your mobile app](#network-mobile-foundation)
+ [Setting up your gateways](#network-gateways)
+ [Setting up your sensors](#network-sensors)

## Setting up your Monitron network foundation with your mobile app
<a name="network-mobile-foundation"></a>

1. Your mobile device uses Wi-Fi or a signal from outside the facility (such as a satellite or a tower) to connect to the internet.

1. Over the internet, you install the Amazon Monitron mobile app on your mobile device. (This only has to be done once per device.)

1. Over the internet, the Monitron app on your mobile device connects to the AWS infrastructure, authenticating with AWS IAM Identity Center.

1. Having been authenticated inside the AWS infrastructure, the app connects to the Amazon Monitron back end.

1. Using your authenticated app, you identify the framework of your local Amazon Monitron setup. This involves naming your local network and identifying how many gateways will be part of it.

## Setting up your gateways
<a name="network-gateways"></a>

1. In your mobile app (running authenticated and securely over the internet), choose the option for adding a gateway.

1. You give your mobile app permission to access Bluetooth functionality on your mobile device.

1. The mobile app on your device, using Bluetooth, connects to your local gateway. 

1. You give the app the name of your local network (Wi-Fi only).

1. You give the app the password to your local network.

1. The app, securely over the internet, communicates with the Monitron back end about your gateway.

1. On the front end, through Bluetooth on your mobile device, the app gives the gateway the token it needs to communicate with the Monitron back end.

1. The gateway uses your local network (Ethernet or Wi-Fi) to connect to the internet through your local internet access point.

1. Securely, over the internet, your gateway registers itself with the Monitron back end.

1. A representation of your gateway now appears in your app as a part of your network.

## Setting up your sensors
<a name="network-sensors"></a>

1. In the mobile app, you indicate the name and class of your asset (once per asset).

1. In the mobile app, you give a name to a sensor.

1. In your facility, you physically attach an unpaired sensor to your asset.

1. From the mobile app, using your device’s NFC, you connect to the sensor.

1. The mobile app, using your device’s NFC, tells the sensor about your local Monitron gateway, already set up.

1. The mobile app, securely over the internet, tells the Monitron back end about the sensor.

1. The sensor, using Bluetooth, begins to send data about the asset to the gateway.

1. The gateway, securely over the internet, sends the sensor’s data to the Monitron back end.

1. In the mobile app (or the web app), securely over the internet, you can now view the analytical data about your asset.

# Securing your network
<a name="network-secure"></a>

In order to allow your Amazon Monitron gateways to send data back to AWS, you should allow the following with regard to your local network traffic:
+ Protocol UDP, port 53 - standard DNS port
+ Protocol UDP, ports 67 and 68 - standard DHCP ports
+ TCP ports 443 and 8883
+ For Amazon Monitron gateways commissioned before 19th January, 2024:
  + Domains ending in `*.amazonaws.com`
+ For Amazon Monitron gateways commissioned after 19th January, 2024:
  + Asia Pacific (Sydney) (ap-southeast-2) – 54.79.215.104 and 54.79.23.89
  + Europe (Ireland) (eu-west-1) – 54.72.131.46, 34.251.27.192, and 52.213.71.97
  + US East (N. Virginia) (us-east-1) – 3.215.69.205, 52.86.131.66, and 18.210.44.199

**Note**  
Enabling the new static IPs by default causes no regression for previously commissioned devices, because those devices have already been allow listed for domains ending in `*.amazonaws.com` (which already includes the new static IP domain of `amazonaws.com`). Decommissioning and recommissioning a gateway will switch it to static IP. You can't revert a gateway network configuration from a static IP to a dynamic IP.

If you are using an **Android mobile device** to provision your gateways and sensors, then you should allow the following with regard to your local network traffic:
+ TCP ports 443, 5228, 5229, and 5230
+ Domains ending in `*.google.com`, `*.googleapis.com`
+ Any ports required by your telecom provider
+ TCP port 5094 for SSL communications used on ***Vodafone devices***

If you are using an **Apple mobile device** to provision your gateways and sensors, then you should allow the following with regard to your local network traffic:
+ TCP ports 443, 2197, and 5223
+ Subnets 17.249.0.0/16, 17.252.0.0/16, 17.57.144.0/22, 17.188.128.0/18, and 17.188.20.0/23
+ See also: [Apple’s list of required ports and hosts](https://support.apple.com/en-us/HT203609)

Note: Amazon Monitron, Android, and Apple do not (per their respective documentation) require the following ports to be open:
+ UDP port 443 
+ TCP port 80 
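
The gateway rules above, turned into a check over egress flow records from a gateway network segment (an added example, not AWS code). The flow tuple format, the function names, and the sample flows are assumptions, as is the choice to expect TCP 443 and 8883 only toward the static IPs of the gateway's own Region; it applies to gateways commissioned after 19th January, 2024.

```python
import ipaddress

# Static endpoints listed above for gateways commissioned after
# 19 January 2024, keyed by AWS Region.
STATIC_IPS = {
    "ap-southeast-2": {"54.79.215.104", "54.79.23.89"},
    "eu-west-1": {"54.72.131.46", "34.251.27.192", "52.213.71.97"},
    "us-east-1": {"3.215.69.205", "52.86.131.66", "18.210.44.199"},
}
LOCAL_UDP_PORTS = {53, 67, 68}    # DNS and DHCP
BACKEND_TCP_PORTS = {443, 8883}


def classify(proto, dst, port, region):
    """Return (verdict, reason) for one egress flow from a gateway."""
    dst = str(ipaddress.ip_address(dst))  # ValueError on a malformed address
    proto = proto.lower()
    if proto == "udp" and port in LOCAL_UDP_PORTS:
        return "allow", "DNS/DHCP"
    if proto == "tcp" and port in BACKEND_TCP_PORTS:
        # Assumption: backend ports are only expected toward the
        # static IPs of the gateway's own Region.
        if dst in STATIC_IPS[region]:
            return "allow", "static endpoint"
        return "review", "backend port to unlisted address"
    return "review", "protocol/port not in the documented list"


def audit(flows, region):
    """Return the flows that fall outside the documented allow list."""
    flagged = []
    for proto, dst, port in flows:
        verdict, reason = classify(proto, dst, port, region)
        if verdict != "allow":
            flagged.append((proto, dst, port, reason))
    return flagged


# Constructed sample flows (192.0.2.x and 203.0.113.x are documentation ranges).
SAMPLE_FLOWS = [
    ("udp", "192.0.2.53", 53),
    ("tcp", "54.72.131.46", 8883),
    ("tcp", "203.0.113.10", 443),
    ("tcp", "203.0.113.10", 80),
    ("udp", "54.72.131.46", 443),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS, "eu-west-1"):
        print(row)
```

Flows on TCP port 80 or UDP port 443 are flagged because the page lists them as not required, so their presence on a gateway segment is worth a look.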