Setting up AWS IoT FleetWise - AWS IoT FleetWise

Setting up AWS IoT FleetWise

When you sign up for AWS, your AWS account is automatically signed up for all services in AWS, including AWS IoT FleetWise.

To set up AWS IoT FleetWise, use the steps in the following sections.

Sign up for AWS

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account

  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.

Create an IAM user

To create an administrator user, choose one of the following options.

Choose one way to manage your administrator To By You can also
In IAM Identity Center

(Recommended)

Use short-term credentials to access AWS.

This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide.

Following the instructions in Getting started in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide. Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center (successor to AWS Single Sign-On) in the AWS Command Line Interface User Guide.
In IAM

(Not recommended)

Use long-term credentials to access AWS. Following the instructions in Creating your first IAM admin user and user group in the IAM User Guide. Configure programmatic access by Managing access keys for IAM users in the IAM User Guide.

Configure settings

Before exploring AWS IoT FleetWise, you must configure the service settings. Your Edge Agent software transfers your vehicle data to Amazon Timestream. To enable Amazon Timestream to receive your vehicle data, configure the settings. After the settings are configured, AWS IoT FleetWise automatically registers your AWS account, IAM, and Amazon Timestream resources for the preview access.

You can use the AWS IoT FleetWise console or API to configure the settings.

Prerequisites

To configure the settings, you need the following AWS resources.

Important
  • You must use the same AWS Region when you create Timestream resources for AWS IoT FleetWise. If you switch AWS Regions, you might have issues accessing the Timestream resources.

  • AWS IoT FleetWise is available in US East (N. Virginia) and Europe (Frankfurt).

  • For the list of supported Regions, see Timestream endpoints and quotas in the AWS General Reference.

  • An Amazon Timestream database. For a tutorial, see Create a database in the Amazon Timestream Developer Guide.

  • A table created in the specified Amazon Timestream database. For a tutorial, see Create a table in the Amazon Timestream Developer Guide.

  • An IAM role that allows AWS IoT FleetWise to send data to Amazon Timestream. Make sure that your role has the permissions shown in the following AWS CLI example.

    To create an IAM role with required policies

    1. To create an IAM role, run the following command.

      • Replace AWSIoTFleetwisePreviewServiceRole with the name of the role you're creating.

      • Replace trust-policy with the JSON file that contains the trust policy.

      aws iam create-role --role-name AWSIoTFleetwisePreviewServiceRole --assume-role-policy-document file://trust-policy.json
      { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "iotfleetwise.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }

      Example output

      { "Role": { "Path": "/", "RoleName": "AWSIoTFleetwisePreviewServiceRole", "RoleId": "AROA5NYUCQRRSDBVAOP73", "Arn": "arn:aws:iam::12345678912:role/AWSIoTFleetwisePreviewServiceRole", "CreateDate": "2021-11-22T00:54:33+00:00", "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "iotfleetwise.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } } }
    2. To create an IAM user policy, run the following command.

      • Replace AWSIoTFleetwisePreviewIAMUserPolicy with the name of the policy you're creating.

      • Replace iam-user-policy with the name of the JSON file that contains the IAM user policy.

      aws iam create-policy --policy-name AWSIoTFleetwisePreviewIAMUserPolicy --policy-document file://iam-user-policy.json
      { "Version": "2012-10-17", "Statement": [ { "Sid": "timestreamIngestion", "Effect": "Allow", "Action": [ "timestream:WriteRecords", "timestream:Select" ], "Resource": "*" }, { "Sid": "timestreamDescribeEndpoint", "Effect": "Allow", "Action": [ "timestream:DescribeEndpoints" ], "Resource": "*" } ] }

      Example output

      { "Policy": { "PolicyName": "AWSIoTFleetwisePreviewIAMUserPolicy", "PolicyId": "ANPA5NYUCQRRWIIGN2ZPH", "Arn": "arn:aws:iam::012345678912:policy/AWSIoTFleetwisePreviewIAMUserPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-11-22T01:01:41+00:00", "UpdateDate": "2021-11-22T01:01:41+00:00" } }
    3. From the output, copy the Amazon Resource Name (ARN) of the IAM user policy.

    4. To attach the IAM user policy to your IAM role, run the following command.

      • Replace iam-user-policy-arn with the ARN that you copied in the previous step.

      • Replace AWSIoTFleetwisePreviewServiceRole with the name of the IAM role that you created.

      aws iam attach-role-policy --policy-arn iam-user-policy-arn --role-name AWSIoTFleetwisePreviewServiceRole
    5. To create a permissions policy, run the following command.

      • Replace AWSIoTFleetwiseAccessTimestreamPermissionsPolicy with the name of the policy you're creating.

      • Replace permissions-policy with the name of the JSON file that contains the permissions policy.

      aws iam create-policy --policy-name AWSIoTFleetwiseAccessTimestreamPermissionsPolicy --policy-document file://permissions-policy.json
      { "Version": "2012-10-17", "Statement": [ { "Sid": "timestreamIngestion", "Effect": "Allow", "Action": [ "timestream:WriteRecords", "timestream:Select" ], "Resource": "*" }, { "Sid": "timestreamDescribeEndpoint", "Effect": "Allow", "Action": [ "timestream:DescribeEndpoints" ], "Resource": "*" } ] }

      Example output

      { "Policy": { "PolicyName": "AWSIoTFleetwiseAccessTimestreamPermissionsPolicy", "PolicyId": "ANPA5NYUCQRRUJFQEZCOI", "Arn": "arn:aws:iam::012345678912:policy/AWSIoTFleetwiseAccessTimestreamPermissionsPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-11-22T01:12:55+00:00", "UpdateDate": "2021-11-22T01:12:55+00:00" } }
    6. From the output, copy the ARN of the permissions policy.

    7. To attach the IAM permissions policy to your IAM role, run the following command.

      • Replace permissions-policy-arn with the ARN that you copied in the previous step.

      • Replace AWSIoTFleetwisePreviewServiceRole with the name of the IAM role that you created.

      aws iam attach-role-policy --policy-arn permissions-policy-arn --role-name AWSIoTFleetwisePreviewServiceRole

    For more information, see Access management for AWS resources in the IAM User Guide.

Configure settings (console)

In the AWS console, configure settings to transfer data to Amazon Timestream.

  1. Navigate to the AWS IoT FleetWise console.

  2. In the navigation pane, choose Settings.

  3. On the Onboarding page, do the following:

    • For Timestream database name, enter the name of your Timestream database.

    • For Timestream table name, enter the name of your Timestream table.

    • For Timestream access role, enter the ARN of the IAM role that you created.

  4. Choose Submit.


     The AWS IoT FleetWise Settings page that shows how to configure the service settings.

After you update the settings, AWS automatically registers your AWS account, IAM role, and Timestream resources for the preview access. The registration status can be one of the following:

  • REGISTRATION_SUCCESS – The AWS resource is successfully registered.

  • REGISTRATION_PENDING – AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete.

  • REGISTRATION_FAILURE – AWS IoT FleetWise can't register the AWS resource. Try again later.


     An example AWS IoT FleetWise Settings page that shows the summary of the service
      settings.

Configure settings (AWS CLI)

In the AWS CLI, configure settings to transfer data to Amazon Timestream.

  1. To configure the settings, run the following command.

    aws iotfleetwise register-account --cli-input-json file://file-name.json

    Example AWS IoT FleetWise registration configuration

    • Replace role-arn with the IAM role that you created.

    • Replace database-name with the name of your Timestream database.

    • Replace table-name with the name of your Timestream table.

    { "iamResources": { "roleArn": "role-arn" }, "timestreamResources": { "timestreamDatabaseName": "database-name", "timestreamTableName": "table-name" } }
  2. To verify that your AWS account, IAM, and Amazon Timestream resources are registered, run the following command to retrieve the registration status.

    aws iotfleetwise get-register-account-status

    Example response

    { "accountStatus": "REGISTRATION_SUCCESS", "creationTime": "2022-07-28T11:31:22.603000-07:00", "customerAccountId": "012345678912", "iamRegistrationResponse": { "errorMessage": "", "registrationStatus": "REGISTRATION_SUCCESS", "roleArn": "arn:aws:iam::012345678912:role/AWSIoTFleetwisePreviewServiceRole" }, "lastModificationTime": "2022-07-28T11:31:22.854000-07:00", "timestreamRegistrationResponse": { "errorMessage": "", "registrationStatus": "REGISTRATION_SUCCESS", "timestreamDatabaseArn": "arn:aws:timestream:us-east-1:012345678912:database/myDatabase", "timestreamDatabaseName": "myDatabase", "timestreamTableArn": "arn:aws:timestream:us-east-1:012345678912:database/myDatabase/table/myTable", "timestreamTableName": "myTable" } }

After you update the settings, AWS automatically registers your AWS account, IAM role, and Timestream resources for the preview access. The registration status can be one of the following:

  • REGISTRATION_SUCCESS – The AWS resource is successfully registered.

  • REGISTRATION_PENDING – AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete.

  • REGISTRATION_FAILURE – AWS IoT FleetWise can't register the AWS resource. Try again later.