configure IoT Core for LoRaWAN

Now that you know the EUI of your gateway, it’s time to make your gateway known to AWS IoT Core for LoRaWAN and download necessary configuration information. Please follow the steps described below.

1. Open the AWS IoT Core Management console

Please log in using the link https://console.aws.amazon.com/iotwireless and ensure that you choose one of regions supporting AWS IoT Core for LoRaWAN.

The AWS IoT Core for LoRaWAN console will open: AWS Management Console

2.Open gateway view

Click on “Gateways”: AWS Management Console

3.Initiate gateway registration

Click on “Add Gateway” AWS Management Console

4.Add gateway configuration

  • Provide the gateway EUI that you identified in the previous section
  • Choose a frequency band for the geographic region where your gaeway will operate, e.g. US915 for North America, EU868 for Europe.
  • Provide an optional name of the gateway
  • Provide an optional description for the gateway

AWS Management Console

Scroll down and select “Associate your Gateway” with AWS IoT Thing. This setting should be enabled, because it is a prerequisite for one of the labs in the following sections: AWS Management Console

After entering the data please click on “Add gateway”.

Gateway EUI is following a EUI-64 standard and is intended to uniquely identify your gateway. Because of that it can not be reused in other AWS accounts and regions.

5. Create and download the gateway’s credentials
AWS IoT Core for LoRaWAN will verify the authentic identity of your LoRaWAN gateway by using the X.509 standard. When establishing a connection to AWS IoT Core for LoRaWAN endpoint, your LoRaWAN gateway will need to prove its identity by using a private key and a certificate. To enable your gateway to do so, in this step you will create and download both a certificate and a private key.

Please click on “Create certificate”: AWS Management Console

You will receive a confirmation about creation of the certificates. Click on “Download certificate files” and securely store gateway certificate file and private key file. These files will be necessary in the later steps to configure your gateway:

AWS Management Console

Optional information: AWS IoT Core for LoRaWAN uses the X.509 certificates generated by AWS IoT. You can view the certificate for your gateway in the AWS IoT management console. To retrieve the certificate id of your gateway, you can use CLI command aws iotwireless get-wireless-gateway-certificate or an API GetWirelessGatewayCertificate

6. Identify the AWS IoT Core for LoRaWAN endpoints
To establish a connection to AWS IoT Core for LoRaWAN, your LoRaWAN gateway will require an information about an endpoint in AWS cloud to connect to. There are two kinds of endpoints you can use with AWS IoT Core for LoRaWAN: CUPS (Configuration and Update Server) endpoint and LNS (LoRaWAN network server) endpoint. We recommend using the CUPS endpoint, as it provides additional capabilities for gateway management. If your gateway does not support CUPS, please use the LNS endpoint.

In this step you will store the information about CUPS and LNS endpoints. To do so, please scroll down and note endpoint data for CUPS and LNS endpoints. You will need this information to configure your gateway in next steps. AWS Management Console

Though not required to proceed with this workshop, if you want to learn the “under the hood” technical details behind LNS and CUPS protocols and endpoints, please consider reviewing the related LNS and CUPS sections of Basic Station documentation.

7. Download trust certificates
Your LoRaWAN gateway will verify the authenticity of AWS IoT Core for LoRaWAN endpoints using an X.509 trust certificate for each of the LNS and CUPS endpoints. Each trust certificate contains the certificate of the CA (Certificate Authority) which issued a server certificate for the AWS IoT Core for LoRaWAN endpoint.

Please download the trust certificates by clicking on the button “Download server trust certificates”:

AWS Management Console

Two files should be downloaded:

  • lns.trust: Trust certificate for LNS (LoRaWAN Network Server) endpoint
  • cups.trust: Trust certificate for CUPS (Configuration and Update Server) endpoint

8. Verify the downloads and endpoints

Please verify that you have successfully downloaded the following files:

  • nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn.cert.pem: Gateway device certificate file
  • nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn.private.key: Gateway device private key file
  • lns.trust: Trust certificate for LNS (LoRaWAN Network Server) endpoint
  • cups.trust: Trust certificate for CUPS (Configuration and Update Server) endpoint

Please also verify that you have noted two endpoint URLs:

  • https://XXXXXXXXXXXX.cups.lorawan.<region>.amazonaws.com:443: CUPS (Configuration and Update Server) endpoint
  • wss://XXXXXXXXXXX.gateway.lorawan..amazonaws.com:443: LNS (LoRaWAN Network Server) endpoint

7. Finish the gateway creation

Please scroll to the bottom and click on “Submit”: AWS Management Console

Now you should see your gateway in the list:

AWS Management Console

Now it’s time to configure your gateway using the downloaded certificates. This will be described in the next step.