Add the necessary IAM role

This procedure describes how to add an IAM role that allows AWS IoT Core for LoRaWAN to manage gateway credentials in your AWS account. This role must exist before a LoRaWAN gateway can connect to AWS IoT Core for LoRaWAN in your account. The role needs to be created only once for the account that you wish to use.

  1. Open the Roles hub of the IAM console and choose Create role.

  2. Check that the IoTWirelessGatewayCertManagerRole role does not already exist in your account. In the search bar, enter IoTWirelessGatewayCertManagerRole.

    • If you see an IoTWirelessGatewayCertManagerRole role in the search results, you have the necessary IAM role and should proceed to Lab 2.

    • If the search results are empty, you don’t have the necessary IAM role. Continue this procedure to add it.

  3. Click on “Create role”. In Select type of trusted entity, choose Another AWS account. In Account ID, enter your AWS account ID, and then choose Next: Permissions.

  4. In the search box, enter AWSIoTWirelessGatewayCertManager. In the list of search results, select the policy named AWSIoTWirelessGatewayCertManager. Choose Next: Tags, leave Tags entry empty and then choose Next: Review.

  5. In Role name, enter IoTWirelessGatewayCertManagerRole, and then choose Create role.

  6. To edit the new role, in the confirmation message, click on IoTWirelessGatewayCertManagerRole.

  7. In Summary, choose the Trust relationships tab, and then choose Edit trust relationship.

  8. In Policy Document, change the Principal property to look like this example.

    "Principal": {
        "Service": ""
    }

    After you change the Principal property, the complete policy document should look like the example below.

    [Screenshot: the complete policy document in the AWS Management Console]

    To save your changes and exit, choose Update Trust Policy.

    You’ve now created the IoTWirelessGatewayCertManagerRole. You won’t need to do this again for gateways to connect to this account.

    You can close the IAM console.
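The role is created in step 3 trusting your own account, and only the edit in step 8 narrows that trust to the service. The following check is an added example, not part of the original procedure: it audits a trust policy document and reports any principal other than the expected service. The names `audit_trust_policy` and `EXPECTED_SERVICE`, the service principal string `iotwireless.amazonaws.com` (left blank in the snippet above) and the account ID `111122223333` are assumptions made for this example.

```python
import json

# Assumption: the page's snippet leaves the Service value blank; this is the
# AWS IoT Wireless service principal, supplied here and not taken from the page.
EXPECTED_SERVICE = "iotwireless.amazonaws.com"

def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_service=EXPECTED_SERVICE):
    """Return findings; an empty list means only expected_service may assume the role."""
    findings, trusted = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotPrincipal" in stmt:
            findings.append(f"statement {i}: NotPrincipal used with Allow")
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == expected_service:
                    # The service must be allowed to call sts:AssumeRole.
                    trusted = trusted or "sts:AssumeRole" in _as_list(stmt.get("Action"))
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    if not trusted:
        findings.append(f"{expected_service} cannot assume the role")
    return findings

# Constructed samples; 111122223333 is a placeholder account ID.
AFTER_STEP_3 = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}""")
AFTER_STEP_8 = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"Service": "iotwireless.amazonaws.com"}}]}""")

if __name__ == "__main__":
    for name, doc in (("after step 3", AFTER_STEP_3), ("after step 8", AFTER_STEP_8)):
        print(name, audit_trust_policy(doc) or "OK")
```

To check the live role, paste the JSON from the Trust relationships tab into a file and pass the parsed document to `audit_trust_policy`.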