Setting up AWS IoT FleetWise - AWS IoT FleetWise

Setting up AWS IoT FleetWise

AWS IoT FleetWise is in preview release and is subject to change. We recommend that you use the service only with test data, and not in production environments.

While AWS IoT FleetWise is in preview, you must download the preview AWS SDK and AWS CLI to use the API operations for this service. These API operations aren't available in the public AWS SDK or AWS CLI. For more information, see Preview AWS CLI and AWS SDKs.

When you sign up for AWS, your AWS account is automatically signed up for all services in AWS, including AWS IoT FleetWise.

To set up AWS IoT FleetWise, use the steps in the following sections.

Sign up for AWS

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account

  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

Create an IAM user

To create an administrator user for yourself and add the user to an administrators group (console)

  1. Sign in to the IAM console as the account owner by choosing Root user and entering your AWS account email address. On the next page, enter your password.

    Note

    We strongly recommend that you adhere to the best practice of using the Administrator IAM user that follows and securely lock away the root user credentials. Sign in as the root user only to perform a few account and service management tasks.

  2. In the navigation pane, choose Users and then choose Add user.

  3. For User name, enter Administrator.

  4. Select the check box next to AWS Management Console access. Then select Custom password, and then enter your new password in the text box.

  5. (Optional) By default, AWS requires the new user to create a new password when first signing in. You can clear the check box next to User must create a new password at next sign-in to allow the new user to reset their password after they sign in.

  6. Choose Next: Permissions.

  7. Under Set permissions, choose Add user to group.

  8. Choose Create group.

  9. In the Create group dialog box, for Group name enter Administrators.

  10. Choose Filter policies, and then select AWS managed - job function to filter the table contents.

  11. In the policy list, select the check box for AdministratorAccess. Then choose Create group.

    Note

    You must activate IAM user and role access to Billing before you can use the AdministratorAccess permissions to access the AWS Billing and Cost Management console. To do this, follow the instructions in step 1 of the tutorial about delegating access to the billing console.

  12. Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the group in the list.

  13. Choose Next: Tags.

  14. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information about using tags in IAM, see Tagging IAM entities in the IAM User Guide.

  15. Choose Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, choose Create user.

You can use this same process to create more groups and users and to give your users access to your AWS account resources. To learn about using policies that restrict user permissions to specific AWS resources, see Access management and Example policies.

Configure settings

Before exploring AWS IoT FleetWise, you must configure the service settings. The AWS IoT FleetWise edge agent software transfers your vehicle data to Amazon Timestream. To enable Amazon Timestream to receive your vehicle data, configure the settings. After the settings are configured, AWS IoT FleetWise automatically registers your AWS account, IAM, and Amazon Timestream resources for the preview access.

You can use the AWS IoT FleetWise console or API to configure the settings.

Prerequisites

To configure the settings, you need the following AWS resources.

Important
  • You must use the same AWS Region when you create Timestream resources for AWS IoT FleetWise. If you switch AWS Regions, you might have issues accessing the Timestream resources.

  • AWS IoT FleetWise is available in US East (N. Virginia) and Europe (Frankfurt).

  • For the list of supported Regions, see Timestream endpoints and quotas in the AWS General Reference.

  • An Amazon Timestream database. For a tutorial, see Create a database in the Amazon Timestream Developer Guide.

  • A table created in the specified Amazon Timestream database. For a tutorial, see Create a table in the Amazon Timestream Developer Guide.

  • An IAM role that allows AWS IoT FleetWise to send data to Amazon Timestream. Make sure that your role has the permissions shown in the following AWS CLI example.

    To create an IAM role with required policies

    1. To create an IAM role, run the following command.

      • Replace AWSIoTFleetwisePreviewServiceRole with the name of the role you're creating.

      • Replace trust-policy with the JSON file that contains the trust policy.

      aws iam create-role --role-name AWSIoTFleetwisePreviewServiceRole --assume-role-policy-document file://trust-policy.json
      { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "iotfleetwise.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }

      Example output

      { "Role": { "Path": "/", "RoleName": "AWSIoTFleetwisePreviewServiceRole", "RoleId": "AROA5NYUCQRRSDBVAOP73", "Arn": "arn:aws:iam::12345678912:role/AWSIoTFleetwisePreviewServiceRole", "CreateDate": "2021-11-22T00:54:33+00:00", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "iotfleetwise.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } } }
    2. To create an IAM user policy, run the following command.

      • Replace AWSIoTFleetwisePreviewIAMUserPolicy with the name of the policy you're creating.

      • Replace iam-user-policy with the name of the JSON file that contains the IAM user policy.

      aws iam create-policy --policy-name AWSIoTFleetwisePreviewIAMUserPolicy --policy-document file://iam-user-policy.json
      { "Version": "2012-10-17", "Statement": [ { "Sid": "timestreamIngestion", "Effect": "Allow", "Action": [ "timestream:WriteRecords", "timestream:Select" ], "Resource": "*" }, { "Sid": "timestreamDescribeEndpoint", "Effect": "Allow", "Action": [ "timestream:DescribeEndpoints" ], "Resource": "*" } ] }

      Example output

      { "Policy": { "PolicyName": "AWSIoTFleetwisePreviewIAMUserPolicy", "PolicyId": "ANPA5NYUCQRRWIIGN2ZPH", "Arn": "arn:aws:iam::922923205731:policy/AWSIoTFleetwisePreviewIAMUserPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-11-22T01:01:41+00:00", "UpdateDate": "2021-11-22T01:01:41+00:00" } }
    3. From the output, copy the Amazon Resource Name (ARN) of the IAM user policy.

    4. To attach the IAM user policy to your IAM role, run the following command.

      • Replace iam-user-policy-arn with the ARN that you copied in the previous step.

      • Replace AWSIoTFleetwisePreviewServiceRole with the name of the IAM role that you created.

      aws iam attach-role-policy --policy-arn iam-user-policy-arn --role-name AWSIoTFleetwisePreviewServiceRole
    5. To create a permissions policy, run the following command.

      • Replace AWSIoTFleetwiseAccessTimestreamPermissionsPolicy with the name of the policy you're creating.

      • Replace permissions-policy with the name of the JSON file that contains the permissions policy.

      aws iam create-policy --policy-name AWSIoTFleetwiseAccessTimestreamPermissionsPolicy --policy-document file://permissions-policy.json
      { "Version": "2012-10-17", "Statement": [ { "Sid": "timestreamIngestion", "Effect": "Allow", "Action": [ "timestream:WriteRecords", "timestream:Select" ], "Resource": "*" }, { "Sid": "timestreamDescribeEndpoint", "Effect": "Allow", "Action": [ "timestream:DescribeEndpoints" ], "Resource": "*" } ] }

      Example output

      { "Policy": { "PolicyName": "AWSIoTFleetwiseAccessTimestreamPermissionsPolicy", "PolicyId": "ANPA5NYUCQRRUJFQEZCOI", "Arn": "arn:aws:iam::012345678912:policy/AWSIoTFleetwiseAccessTimestreamPermissionsPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-11-22T01:12:55+00:00", "UpdateDate": "2021-11-22T01:12:55+00:00" } }
    6. From the output, copy the ARN of the permissions policy.

    7. To attach the IAM permissions policy to your IAM role, run the following command.

      • Replace permissions-policy-arn with the ARN that you copied in the previous step.

      • Replace AWSIoTFleetwisePreviewServiceRole with the name of the IAM role that you created.

      aws iam attach-role-policy --policy-arn permissions-policy-arn --role-name AWSIoTFleetwisePreviewServiceRole

    For more information, see Access management for AWS resources in the IAM User Guide.

Configure settings (console)

In the AWS CLI console, configure settings to transfer data to Amazon Timestream.

  1. Navigate to the AWS IoT FleetWise console.

  2. In the navigation pane, choose Settings.

  3. On the Onboarding page, do the following:

    • For Timestream database name, enter the name of your Timestream database.

    • For Timestream table name, enter the name of your Timestream table.

    • For Timestream access role, enter the ARN of the IAM role that you created.

  4. Choose Submit.


     An example the AWS IoT FleetWise Settings page that shows how to configure the service settings.

After you update the settings, AWS automatically registers your AWS account, IAM role, and Timestream resources for the preview access. The registration status can be one of the following:

  • REGISTRATION_SUCCESS – The AWS resource is successfully registered.

  • REGISTRATION_PENDING – AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete.

  • REGISTRATION_FAILURE – AWS IoT FleetWise can't register the AWS resource. Try again later.


     An example AWS IoT FleetWise Settings page that shows the summary of the service settings.

Configure settings (AWS CLI)

In the AWS CLI, configure settings to transfer data to Amazon Timestream.

  1. To configure the settings, run the following command.

    aws iotfleetwise register-account --cli-input-json file://file-name.json

    Example AWS IoT FleetWise registration configuration

    • Replace role-arn with the IAM role that you created.

    • Replace database-name with the name of your Timestream database.

    • Replace table-name with the name of your Timestream table.

    { "iamResources": { "roleArn": "role-arn" }, "timestreamResources": { "timestreamDatabaseName": "database-name", "timestreamTableName": "table-name" } }
  2. To verify that your AWS account, IAM, and Amazon Timestream resources are registered, run the following command to retrieve the registration status.

    aws iotfleetwise get-register-account-status

    Example response

    { "accountStatus": "REGISTRATION_SUCCESS", "creationDate": 1637546612753, "customerAccountId": "012345678912", "iamRegistrationResponse": { "errorMessage": "", "registrationStatus": "REGISTRATION_SUCCESS", "roleArn": "arn:aws:iam::012345678912:role/AWSIoTFleetwisePreviewServiceRole" }, "lastModificationDate": 1637546614035, "timestreamRegistrationResponse": { "errorMessage": "", "registrationStatus": "REGISTRATION_SUCCESS", "timestreamDatabaseArn": "arn:aws:timestream:us-east-1:012345678912:database/myDatabase", "timestreamDatabaseName": "myDatabase", "timestreamTableArn": "arn:aws:timestream:us-east-1:922923205731:database/myDatabase/table/myTable", "timestreamTableName": "myTable" } }

After you update the settings, AWS automatically registers your AWS account, IAM role, and Timestream resources for the preview access. The registration status can be one of the following:

  • REGISTRATION_SUCCESS – The AWS resource is successfully registered.

  • REGISTRATION_PENDING – AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete.

  • REGISTRATION_FAILURE – AWS IoT FleetWise can't register the AWS resource. Try again later.