© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
5.2.2 Adding an IAM Role for the AWS IoT Core for LoRaWAN Destination
The second role to be configured for the AWS account is the AWS IoT Core destination role. This role allows your
AWS account to operate with AWS IoT Core for LoRaWAN and is configured by first defining the policy
associated with the role, and then creating the role itself.
To create a policy that gives the role permission to describe the IoT endpoint and publish messages to AWS IoT
Core, follow these steps:
1. and select Policies from the menu on the left.
2. In the Policies menu, select Create Policy and then the JSON tab. Selecting the JSON tab will open the
   policy editor where you will replace the existing policy template with the following trust policy
   information:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:DescribeEndpoint",
                "iot:Publish"
            ],
            "Resource": "*"
        }
    ]
}
3. After updating the policy, select Review Policy to open the Review Policy page and specify a policy name
   of your choice in the Name field and a description of your choice in the Description field.
4. After reviewing the policy and specifying the name and description, select Create Policy to create the
   policy. A confirmation message indicating that the policy has been created is displayed.
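The policy in step 2 allows iot:Publish on every resource. As an added example (not part of the original guide and not AWS code), the Python below flags that grant and builds a narrower copy of the policy. The topic ARN is a constructed placeholder, and the topic your destination actually publishes to is an assumption you need to confirm before applying a scoped policy.

```python
import json

# The policy from step 2 of the guide, reproduced as written.
GUIDE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["iot:DescribeEndpoint", "iot:Publish"],
                "Resource": "*"}]}
""")

# iot:DescribeEndpoint defines no resource type, so it has to stay on "*".
NO_RESOURCE_SCOPE = {"iot:describeendpoint"}

def _as_list(value):
    """IAM accepts a single value wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def _on_wildcard(stmt):
    return stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", []))

def wildcard_findings(policy):
    """(statement index, action) for each Allow on "*" that could name ARNs instead."""
    return [(i, action)
            for i, stmt in enumerate(_as_list(policy["Statement"])) if _on_wildcard(stmt)
            for action in _as_list(stmt.get("Action", []))
            if action.lower() not in NO_RESOURCE_SCOPE]

def scope_publish(policy, topic_arns):
    """Return a copy in which iot:Publish (exact name only) is limited to topic_arns."""
    scoped = {"Version": policy["Version"], "Statement": []}
    for stmt in _as_list(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        kept = [a for a in actions if a.lower() != "iot:publish"]
        if not _on_wildcard(stmt) or len(kept) == len(actions):
            scoped["Statement"].append(dict(stmt))  # nothing to narrow here
            continue
        if kept:  # remaining actions keep the original resource
            scoped["Statement"].append({**stmt, "Action": kept})
        publish = {k: v for k, v in stmt.items() if k != "Sid"}  # Sid must stay unique
        publish.update(Action=["iot:Publish"], Resource=list(topic_arns))
        scoped["Statement"].append(publish)
    return scoped

if __name__ == "__main__":
    # Constructed placeholder ARN: replace with the topic your destination publishes to.
    topic = "arn:aws:iot:REGION:ACCOUNT_ID:topic/EXAMPLE_TOPIC"
    print("over-broad grants:", wildcard_findings(GUIDE_POLICY))
    print(json.dumps(scope_publish(GUIDE_POLICY, [topic]), indent=2))
```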
Once the policy for the destination role has been successfully created, you can begin configuring the destination
role itself. To create the destination role, connect to the
and follow these steps:
1. Select Roles from the menu on the left and then select Create Role.
2. In the Create Role menu, under Select type of trusted entity, select Another AWS Account.
3. Enter your account ID in the Account ID field and select Next: Permissions.
4. In the Permissions menu, enter the name of the policy you just created for the destination role in the
   Filter Policies search field and select search. Select the check box next to the appropriate policy name to
   begin configuring the role to which this policy will be applied.
5. Once the correct policy is selected from the list, select Next: Tags and then Next: Review to review the
   role's configuration settings.
6. In the role review page, enter a role name of your choice in the Role Name field and a description of your
   choice in the Description field and select Create Role to create the IAM destination role.
7. Once the role is created, you will need to specify the trust relationships and policies for the role to grant
   AWS IoT Core for LoRaWAN permission to assume this IAM role when delivering messages from
   devices to your AWS account. In the confirmation message that indicates the role has been created, select
   the name you specified for this role to edit the role.
8. In the resulting role Summary page, select the Trust Relationships tab and then select Edit Trust
   Relationship. The principal AWS role in your trust policy document defaults to root and must be changed.
9. To change the principal AWS role in the trust policy document, navigate to the Policy Document for the
   role's trust relationship and replace the existing policy with the following:
{
"Version": "2012-10-17",
"Statement": [
{