Setting up AWS IoT FleetWise
When you sign up for AWS, your AWS account is automatically signed up for all services in AWS, including AWS IoT FleetWise.
To set up AWS IoT FleetWise, use the steps in the following sections.
Create an IAM user
Sign up for an AWS account
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.
AWS sends you a confirmation email after the sign-up process is
complete. At any time, you can view your current account activity and manage your account by
going to https://aws.amazon.com/
Create an administrative user
After you sign up for an AWS account, create an administrative user so that you don't use the root user for everyday tasks.
Secure your AWS account root user
-
Sign in to the AWS Management Console
as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password. For help signing in by using root user, see Signing in as the root user in the AWS Sign-In User Guide.
-
Turn on multi-factor authentication (MFA) for your root user.
For instructions, see Enable a virtual MFA device for your AWS account root user (console) in the IAM User Guide.
Create an administrative user
-
For your daily administrative tasks, grant administrative access to an administrative user in AWS IAM Identity Center (successor to AWS Single Sign-On).
For instructions, see Getting started in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide.
Sign in as the administrative user
-
To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user.
For help signing in using an IAM Identity Center user, see Signing in to the AWS access portal in the AWS Sign-In User Guide.
Configure settings
Before exploring AWS IoT FleetWise, you must configure the service settings. Your Edge Agent software transfers your vehicle data to Amazon Timestream. To enable Amazon Timestream to receive your vehicle data, configure the settings. After the settings are configured, AWS IoT FleetWise automatically registers your AWS account, IAM, and Amazon Timestream resources for access.
You can use the AWS IoT FleetWise console or API to configure the settings.
Prerequisites
To configure the settings, you need the following AWS resources.
-
You must use the same AWS Region when you create Timestream resources for AWS IoT FleetWise. If you switch AWS Regions, you might have issues accessing the Timestream resources.
-
AWS IoT FleetWise is available in US East (N. Virginia) and Europe (Frankfurt).
-
For the list of supported Regions, see Timestream endpoints and quotas in the AWS General Reference.
-
An Amazon Timestream database. For a tutorial, see Create a database in the Amazon Timestream Developer Guide.
-
A table created in the specified Amazon Timestream database. For a tutorial, see Create a table in the Amazon Timestream Developer Guide.
-
An IAM role that allows AWS IoT FleetWise to send data to Amazon Timestream. Make sure that your role has the permissions shown in the following AWS CLI example.
To create an IAM role with required policies
-
To create an IAM role, run the following command.
-
Replace
AWSIoTFleetwiseServiceRole
with the name of the role you're creating. -
Replace
trust-policy
with the JSON file that contains the trust policy.
aws iam create-role --role-name
AWSIoTFleetwiseServiceRole
--assume-role-policy-document file://trust-policy
.json{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "iotfleetwise.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
Example output
{ "Role": { "Path": "/", "RoleName": "AWSIoTFleetwiseServiceRole", "RoleId": "AROA5NYUCQRRSDBVAOP73", "Arn": "arn:aws:iam::12345678912:role/AWSIoTFleetwiseServiceRole", "CreateDate": "2021-11-22T00:54:33+00:00", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "iotfleetwise.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } } }
-
-
To create an IAM user policy, run the following command.
-
Replace
AWSIoTFleetwiseIAMUserPolicy
with the name of the policy you're creating. -
Replace
iam-user-policy
with the name of the JSON file that contains the IAM user policy.
aws iam create-policy --policy-name
AWSIoTFleetwiseIAMUserPolicy
--policy-document file://iam-user-policy
.json{ "Version": "2012-10-17", "Statement": [ { "Sid": "timestreamIngestion", "Effect": "Allow", "Action": [ "timestream:WriteRecords", "timestream:Select" ], "Resource": "*" }, { "Sid": "timestreamDescribeEndpoint", "Effect": "Allow", "Action": [ "timestream:DescribeEndpoints" ], "Resource": "*" } ] }
Example output
{ "Policy": { "PolicyName": "AWSIoTFleetwiseIAMUserPolicy", "PolicyId": "ANPA5NYUCQRRWIIGN2ZPH", "Arn": "arn:aws:iam::012345678912:policy/AWSIoTFleetwiseIAMUserPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-11-22T01:01:41+00:00", "UpdateDate": "2021-11-22T01:01:41+00:00" } }
-
-
From the output, copy the Amazon Resource Name (ARN) of the IAM user policy.
-
To attach the IAM user policy to your IAM role, run the following command.
-
Replace
iam-user-policy-arn
with the ARN that you copied in the previous step. -
Replace
AWSIoTFleetwiseServiceRole
with the name of the IAM role that you created.
aws iam attach-role-policy --policy-arn
iam-user-policy-arn
--role-nameAWSIoTFleetwiseServiceRole
-
-
To create a permissions policy, run the following command.
-
Replace
AWSIoTFleetwiseAccessTimestreamPermissionsPolicy
with the name of the policy you're creating. -
Replace
permissions-policy
with the name of the JSON file that contains the permissions policy.
aws iam create-policy --policy-name
AWSIoTFleetwiseAccessTimestreamPermissionsPolicy
--policy-document file://permissions-policy
.json{ "Version": "2012-10-17", "Statement": [ { "Sid": "timestreamIngestion", "Effect": "Allow", "Action": [ "timestream:WriteRecords", "timestream:Select" ], "Resource": "*" }, { "Sid": "timestreamDescribeEndpoint", "Effect": "Allow", "Action": [ "timestream:DescribeEndpoints" ], "Resource": "*" } ] }
Example output
{ "Policy": { "PolicyName": "AWSIoTFleetwiseAccessTimestreamPermissionsPolicy", "PolicyId": "ANPA5NYUCQRRUJFQEZCOI", "Arn": "arn:aws:iam::012345678912:policy/AWSIoTFleetwiseAccessTimestreamPermissionsPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-11-22T01:12:55+00:00", "UpdateDate": "2021-11-22T01:12:55+00:00" } }
-
-
From the output, copy the ARN of the permissions policy.
-
To attach the IAM permissions policy to your IAM role, run the following command.
-
Replace
permissions-policy-arn
with the ARN that you copied in the previous step. -
Replace
AWSIoTFleetwiseServiceRole
with the name of the IAM role that you created.
aws iam attach-role-policy --policy-arn
permissions-policy-arn
--role-nameAWSIoTFleetwiseServiceRole
-
For more information, see Access management for AWS resources in the IAM User Guide.
-
Configure settings (console)
In the AWS console, configure settings to transfer data to Amazon Timestream.
-
Navigate to the AWS IoT FleetWise console
. -
In the navigation pane, choose Settings.
-
On the Onboarding page, do the following:
-
For Timestream database name, enter the name of your Timestream database.
-
For Timestream table name, enter the name of your Timestream table.
-
-
Choose Submit.

After you update the settings, AWS automatically registers your AWS account, IAM role, and Timestream resources for access. The registration status can be one of the following:
-
REGISTRATION_SUCCESS – The AWS resource is successfully registered.
-
REGISTRATION_PENDING – AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete.
-
REGISTRATION_FAILURE – AWS IoT FleetWise can't register the AWS resource. Try again later.

Configure settings (AWS CLI)
In the AWS CLI, configure settings to transfer data to Amazon Timestream.
-
To configure the settings, run the following command.
aws iotfleetwise register-account --cli-input-json file://
file-name
.jsonExample AWS IoT FleetWise registration configuration
-
Replace
role-arn
with the IAM role that you created. -
Replace
database-name
with the name of your Timestream database. -
Replace
table-name
with the name of your Timestream table.
{ "iamResources": { "roleArn": "
role-arn
" }, "timestreamResources": { "timestreamDatabaseName": "database-name
", "timestreamTableName": "table-name
" } } -
-
To verify that your AWS account, IAM, and Amazon Timestream resources are registered, run the following command to retrieve the registration status.
aws iotfleetwise get-register-account-status
Example response
{ "accountStatus": "REGISTRATION_SUCCESS", "creationTime": "2022-07-28T11:31:22.603000-07:00", "customerAccountId": "012345678912", "iamRegistrationResponse": { "errorMessage": "", "registrationStatus": "REGISTRATION_SUCCESS", "roleArn": "arn:aws:iam::012345678912:role/AWSIoTFleetwiseServiceRole" }, "lastModificationTime": "2022-07-28T11:31:22.854000-07:00", "timestreamRegistrationResponse": { "errorMessage": "", "registrationStatus": "REGISTRATION_SUCCESS", "timestreamDatabaseArn": "arn:aws:timestream:us-east-1:012345678912:database/myDatabase", "timestreamDatabaseName": "myDatabase", "timestreamTableArn": "arn:aws:timestream:us-east-1:012345678912:database/myDatabase/table/myTable", "timestreamTableName": "myTable" } }
After you update the settings, AWS automatically registers your AWS account, IAM role, and Timestream resources for access. The registration status can be one of the following:
-
REGISTRATION_SUCCESS
– The AWS resource is successfully registered. -
REGISTRATION_PENDING
– AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete. -
REGISTRATION_FAILURE
– AWS IoT FleetWise can't register the AWS resource. Try again later.