Table of Contents
Advertisement
5.2.2 Adding an IAM Role for the AWS IoT Core for LoRaWAN Destination
The second role to be configured for the AWS account is AWS IoT Core destination role. This role is allows your
AWS account to operate with the AWS IoT Core for LoRaWAN and is configured by first defining the policy
associated with the role, and then creating the role itself.
To create a policy that gives the role permission to describe the IoT endpoint and publish messages to AWS IoT
Core, follow these steps:
1. Connect to the
IAM console
2. In the Policies menu, select Create Policy and then the JSON tab. Selecting the JSON tab will open the
policy editor where you will replace the existing policy template with the following trust policy
information:
{
"Version": "2012-10-17",
"Statement": [
]
}
3. After updating the policy, select Review Policy to open the Review Policy page and specify a policy name
of your choice in the Name field and a description of your choice in the Description field.
4. After reviewing the policy and specifying the name and description, select Create Policy to create the
policy. A confirmation message indicating that the policy has been created is displayed.
Once the policy for the destination role has been successfully created, you can begin configuring the destination
role itself. To create the destination role, connect to the
1. Select Roles from the menu on the left and then select Create Role.
2. In the Create Role menu, under Select type of trusted entity, select Another AWS Account.
3. Enter your account ID in the Account ID field and select Next: Permissions.
4. In the Permissions menu, enter the name of the policy you just created for the destination role in the
Filter Policies search field and select search. Select the check box next to the appropriate policy name to
begin configuring role to which this policy will be applied.
5. Once the correct policy is selected from the list, select Next: Tags and then Next: Review to review the
role's configuration settings.
6. In the role review page, enter a role name of your choice in the Role Name field and a description of your
choice in the Description field and select Create Role to the create the IAM destination role.
7. Once the role is created, you will need to specify the trust relationships and policies for the role to grant
the AWS IoT Core for LoRaWAN permission to assume this IAM role when delivering messages from
devices to your AWS account. In the confirmation message that indicates the role has been created, select
the name you specified for this role to edit the role.
8. In the resulting role Summary page, select the Trust Relationships tab and then select Edit Trust
Relationship. The principal AWS role in your trust policy document defaults to root and must be changed.
9. To change the principal AWS role in the trust policy document, navigate to the Policy Document for the
role's trust relationship and replace the existing policy with the following:
{
"Version": "2012-10-17",
"Statement": [
© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
and select Policies from the menu on the left.
{
"Effect": "Allow",
"Action":
[
"iot:DescribeEndpoint",
"iot:Publish"
],
"Resource": "*"
}
{
IAM console
and follow these steps:
Advertisement
Table of Contents
