AWS IoT Core Integration

Overview

This guide provides instructions on how to connect the NM180100 to the AWS IoT Core.

Pre-requisites

  • A LoRaWAN end-node such as the NM180100EVB.
  • A LoRaWAN gateway with support for Basic Station.
  • An AWS account.

AWS Identity and Access Management (IAM) Configuration

IAM Policy and Role Creation for CUPS

Overview

This section outlines the steps to allow the Configuration and Update Server (CUPS) to handle wireless gateway credentials. This procedure only needs to be done once and must be performed before a LoRaWAN gateway can be added to the AWS IoT Core.

Setup Policy

  1. Log in to AWS and type IAM in the search bar at the top.

  2. Select IAM in the search result to access the IAM console.

  3. In the IAM console, select Policies in the left panel.

  4. In the search box next to Filter policies, enter AWSIotWirelessGatewayCertManager.

  5. If the search result is empty, click on Create policy and continue with the next step. Otherwise, skip to Setup Role.

  6. Select the JSON tab and replace the content with the following:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "IoTWirelessGatewayCertManager",
                "Effect": "Allow",
                "Action": [
                    "iot:CreateKeysAndCertificate",
                    "iot:DescribeCertificate",
                    "iot:ListCertificates",
                    "iot:RegisterCertificate"
                ],
                "Resource": "*"
            }
        ]
    }
    

  7. Click on Next: Tags and then Next: Review.

  8. On the Review policy page, enter AWSIotWirelessGatewayCertManager in the text box next to Name.

  9. Click Create policy and a confirmation message pops up showing that the policy has been created.

Setup Role

  1. Back in the IAM console, select Roles in the left panel.
  2. Click on Create role at the top right corner.
  3. On the Create role page, choose AWS account.
  4. Select This account (xxxxxxxxxxxx).
  5. Select Next.
  6. In the search box next to Filter policies, enter AWSIotWirelessGatewayCertManager.
  7. Select the policy by clicking on the checkbox. Click Next.
  8. In the text box beside Role name, enter IotWirelessGatewayCertManagerRole. Note that the role name must be different from the policy name.
  9. Select Create role and a confirmation message will show indicating that the role has been created.

Update Trust Relationship

  1. Back in the IAM console, select Roles again.
  2. Enter IotWirelessGatewayCertManagerRole in the search box or the name that you have chosen in the previous section.
  3. Select the Trust relationships tab, and click on Edit trust policy.
  4. Replace the content with the following:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "iotwireless.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }

  5. Click Update Policy to save your changes and exit.

IAM Policy and Role for LoRaWAN Messages

Overview

This section outlines the steps to create the role and policy needed to publish messages to AWS IoT.

Setup Policy

  1. In the IAM console, select Policies in the left menu bar.

  2. Click on Create policy.

  3. Select the JSON tab and replace the existing content with the following:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "iot:DescribeEndpoint",
                    "iot:Publish"
                ],
                "Resource": "*"
            }
        ]
    }
    

  4. Click on Next: Tags and then Next: Review.

  5. On the Review policy page, enter a name of your choice in the text box next to Name. In this example, we will use demo_destination_policy.

  6. Select Create policy and a confirmation message pops up showing that the policy has been created.

Setup Role

  1. Back in the IAM console, select Roles in the left menu bar.
  2. Click on Create role at the top right corner.
  3. On the Create role page, choose AWS account.
  4. Select This account (xxxxxxxxxxxx).
  5. Select Next.
  6. In the search box next to Filter policies, enter demo_destination_policy or the name that you have chosen during the policy creation step.
  7. Select the policy by clicking on the checkbox. Select Next: Tags and then Next: Review.
  8. In the text box beside Role name, enter a name of your choice. In this example, we will use demo_destination_role.
  9. Select Create role and a confirmation message will show indicating that the role has been created.

Update Trust Relationship

  1. Back in the IAM console, select Roles again.
  2. Enter demo_destination_role in the search box or the name that you have chosen in the previous section.
  3. Choose demo_destination_role in the result to edit the role.
  4. Select the Trust relationships tab, and click on Edit trust policy.
  5. Replace the content with the following:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "iotwireless.amazonaws.com"
                },
                "Action": "sts:AssumeRole",
                "Condition": {}
            }
        ]
    }

  6. Click Update Policy to save your changes and exit.
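
Both Update Trust Relationship procedures above replace the account-wide trust that the Create role wizard sets up with one limited to iotwireless.amazonaws.com. The following check is an added example, not part of the original guide: it audits a trust policy document for a leftover non-service principal and for a missing source-account restriction. The account ID 123456789012, the function names, and the use of the aws:SourceAccount condition key as a hardening step are assumptions made for illustration.

```python
import json

SERVICE = "iotwireless.amazonaws.com"
ACCOUNT = "123456789012"  # placeholder account ID (assumption, not from the page)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(doc, account_id):
    """Return findings for a role that only IoT Wireless should assume."""
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if principal == "*":
            findings.append("wildcard-principal")
        else:
            for kind, values in principal.items():
                for value in _as_list(values):
                    if (kind, value) != ("Service", SERVICE):
                        findings.append(f"unexpected-principal:{kind}:{value}")
        # Only StringEquals is credited; condition key names are case-insensitive.
        equals = st.get("Condition", {}).get("StringEquals", {})
        allowed = [v for k, vals in equals.items()
                   if k.lower() == "aws:sourceaccount" for v in _as_list(vals)]
        if allowed != [account_id]:
            findings.append("no-source-account-condition")
    return findings

def trust(principal, condition):
    """Build a single-statement sts:AssumeRole trust policy."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": principal,
        "Action": "sts:AssumeRole", "Condition": condition}]}

# Constructed: what "AWS account > This account" leaves if the trust edit is skipped.
WIZARD_TRUST = trust({"AWS": f"arn:aws:iam::{ACCOUNT}:root"}, {})
# The trust policy given in this guide (empty Condition block).
PAGE_TRUST = trust({"Service": SERVICE}, {})
# Assumed hardening: same principal, restricted to requests made for this account.
SCOPED_TRUST = trust({"Service": SERVICE},
                     {"StringEquals": {"aws:SourceAccount": ACCOUNT}})

if __name__ == "__main__":
    for name in ("WIZARD_TRUST", "PAGE_TRUST", "SCOPED_TRUST"):
        print(name, audit_trust_policy(globals()[name], ACCOUNT))
    print(json.dumps(SCOPED_TRUST, indent=4))
```

The same function can be run against the AssumeRolePolicyDocument of an existing role to confirm that the trust edit was actually saved.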