Preventing frenzied tablet and app issues with Pi-hole and the new groups option

I have four Amazon tablets for home automation dashboards. I have created a VLAN on my network just for IoT devices and set up firewall rules to keep the tablets from phoning home to Amazon to update ads and other services, since I want Fully Kiosk Browser to be the only app running on the device. I also opened holes in the firewall to get to cloud services that update on the dashboards.

The issue with this approach is that the Amazon tablets start to frenzy with hundreds of calls to Amazon and AWS services when their requests are blocked. It was OK when I had just one tablet, but now with 4 I was worried about the stress being put on my access points.

What I did was assign static IPs to all the tablets, let them run unfettered for 24 hours, and then run a log report for their IPs and the domains they were looking up on the Pi-hole. I then created a new group called Amazon and added the clients by IP address. After that I created new wildcard addresses for all the various Amazon domains and assigned both the devices and new wildcard domains to that group.

  • amazon.com
  • amazonsilk.com
  • amazonaws.com
  • cloudfront.net
  • fireoscaptiveportal.com
  • amazon-adsystem.com
  • ssl-images-amazon.com
  • media-amazon.com
  • freetimecaptiveportal.com
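
The log report step described above can be scripted. This is an added example, not the author's own tooling: it filters dnsmasq-style Pi-hole query log lines by client IP, counts lookups per base domain, and prints each as a subdomain-matching regex of the form `(\.|^)example\.com$`. The tablet IPs and log lines are constructed, and the two-label base-domain rule is a simplifying assumption that fits the domains listed above.

```python
import re
from collections import Counter

# Constructed sample in dnsmasq-style query log format; IPs and hostnames are made up.
SAMPLE_LOG = """\
Mar  3 06:00:01 dnsmasq[412]: query[A] device-metrics-us.amazon.com from 192.168.30.11
Mar  3 06:00:01 dnsmasq[412]: forwarded device-metrics-us.amazon.com to 1.1.1.1
Mar  3 06:00:02 dnsmasq[412]: query[AAAA] device-metrics-us.amazon.com from 192.168.30.11
Mar  3 06:00:03 dnsmasq[412]: query[A] spectrum.s3.amazonaws.com from 192.168.30.12
Mar  3 06:00:04 dnsmasq[412]: query[A] d1abc.cloudfront.net from 192.168.30.12
Mar  3 06:00:05 dnsmasq[412]: query[A] www.example.org from 192.168.10.50
Mar  3 06:00:06 dnsmasq[412]: query[A] AMAZON.com from 192.168.30.11
"""

TABLETS = {"192.168.30.11", "192.168.30.12"}  # assumed static IPs of the tablets

# Only "query[...] <name> from <client>" lines identify who asked for what.
QUERY_RE = re.compile(r"query\[[^\]]+\] (?P<name>\S+) from (?P<client>\S+)$")


def base_domain(name):
    """Naive rule: keep the last two labels (wrong for suffixes such as co.uk)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def domains_for_clients(log_text, clients):
    """Count queries per base domain, only for the given client IPs."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and m.group("client") in clients:
            counts[base_domain(m.group("name"))] += 1
    return counts


def wildcard_regex(domain):
    """Regex matching the domain itself and every subdomain of it."""
    return r"(\.|^)" + domain.replace(".", r"\.") + "$"


if __name__ == "__main__":
    for domain, hits in domains_for_clients(SAMPLE_LOG, TABLETS).most_common():
        print(f"{hits:5d}  {domain:20s} {wildcard_regex(domain)}")
```

Because amazonaws.com and cloudfront.net host many unrelated services, review the report before adding entries and keep them assigned only to the tablets' group so other clients are unaffected.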

With the Pi-hole now sinkholing the addresses for the tablets, they can no longer hit my network. This reduced the impact on the access point and my router.

Configured clients:

Domain Management:

By 6:30 am today I had rebooted all the tablets and this was the result, a noticeable drop in hits to the firewall: