Use simple setup to onboard and operate devices - Managed integrations for AWS IoT Device Management

Use simple setup to onboard and operate devices

Set up your devices to be onboarded to your managed integrations hub by creating a managed thing and connecting it to your hub. This section describes the steps to complete the device onboarding process using simple setup.

Prerequisites

Complete these steps before attempting to onboard a device:

Step 1: Create a credential locker

Create a credential locker for your device.

To create a credential locker
  • Use the create-credential-locker command. Executing this command will trigger the creation of all manufacturing resources including the Wi-Fi setup key pair and device certificate.

    create-credential-locker example

    aws iot-managed-integrations create-credential-locker \ --name "DEVICE_NAME"

    Response:

    { "Id": "LOCKER_ID" "Arn": "arn:aws:iotmanagedintegrations:AWS_REGION:AWS_ACCOUNT_ID:credential-locker/LOCKER_ID "CreatedAt": "2025-06-09T13:58:52.977000+08:00" }

    For more information, see the create-credential-locker command in the managed integrations AWS CLI Command Reference.

Step 2: Add the credential locker to your hub

Add the credential locker to your hub.

To add a credential locker to your hub
  • Use the following command to add a credential locker to your hub.

    aws iotmi --region AWS_REGION --endpoint AWS_ENDPOINT update-managed-thing \ --identifier "HUB_MANAGED_THING_ID" --credential-locker-id "LOCKER_ID"

Step 3: Create a managed thing with credentials.

Create a managed thing with credentials for your device. Each device requires its own managed thing.

To create a managed thing
  • Use the create-managed-thing command to create a managed thing for your device.

    create-managed-thing example

    #ZWAVE: aws iot-managed-integrations create-managed-thing --role DEVICE \ --authentication-material '900137947003133...' \ #auth material from zwave qr code --authentication-material-type ZWAVE_QR_BAR_CODE \ --credential-locker-id ${locker_id} #ZIGBEE: aws iot-managed-integrations create-managed-thing --role DEVICE \ --authentication-material 'Z:286...$I:A4DC00.' \ #auth material from zigbee qr code --authentication-material-type ZIGBEE_QR_BAR_CODE \ --credential-locker-id ${locker_id}
    Note

    There are separate commands for Z-wave and Zigbee devices.

    Response:

    { "Id": "DEVICE_MANAGED_THING_ID" "Arn": "arn:aws:iotmanagedintegrations:AWS_REGION:AWS_ACCOUNT_ID:managed-thing/DEVICE_MANAGED_THING_ID" "CreatedAt": "2025-06-09T13:58:52.977000+08:00" }

    For more information, see the create-managed-thing command in the managed integrations AWS CLI Command Reference.

Step 4: Plug in the device and check its status.

Plug in the device and check its status.
  • Use the get-managed-thing command to check your device's status.

    get-managed-thing example

    #KINESIS NOTIFICATION: { "version": "1.0.0", "messageId": "4ac684bb7f4c41adbb2eecc1e7991xxx", "messageType": "DEVICE_LIFE_CYCLE", "source": "aws.iotmanagedintegrations", "customerAccountId": "12345678901", "timestamp": "2025-06-10T05:30:59.852659650Z", "region": "us-east-1", "resources": ["XXX"], "payload": { "deviceDetails": { "id": "1e84f61fa79a41219534b6fd57052XXX", "arn": "XXX", "createdAt": "2025-06-09T06:24:34.336120179Z", "updatedAt": "2025-06-10T05:30:59.784157019Z" }, "status": "ACTIVATED" } } aws iot-managed-integrations get-managed-thing \ --identifier :"DEVICE_MANAGED_THING_ID"

    Response:

    { "Id": "DEVICE_MANAGED_THING_ID" "Arn": "arn:aws:iotmanagedintegrations:AWS_REGION:AWS_ACCOUNT_ID:managed-thing/MANAGED_THING_ID" "CreatedAt": "2025-06-09T13:58:52.977000+08:00" }

    For more information, see the get-managed-thing command in the managed integrations AWS CLI Command Reference.

Step 5: Get Device Capabilities

Use the get-managed-thing-capabilities command to obtain your endpoint ID and view a list of possible actions for your device.

To get a device's capabilities
  • Use the get-managed-thing-capabilities command and note the endpoint ID.

    get-managed-thing-capabilties example

    aws iotmi get-managed-thing-capabilities \ --identifier "DEVICE_MANAGED_THING_ID"

    Response:

    { "ManagedThingId": "1e84f61fa79a41219534b6fd57052cbc", "CapabilityReport": { "version": "1.0.0", "nodeId": "zw.FCB10009+06", "endpoints": [ { "id": "ENDPOINT_ID" "deviceTypes": [ "On/Off Switch" ], "capabilities": [ { "id": "matter.OnOff@1.4", "name": "On/Off", "version": "6", "properties": [ "OnOff" ], "actions": [ "Off", "On" ], "events": [] } ... }

    For more information, see the get-managed-thing-capabilities command in the managed integrations AWS CLI Command Reference.

Step 6: Send a command to the managed thing

Use the send-managed-thing-command command to send a toggle action command to your managed thing.

To send a command to your managed thing
  • Use the send-managed-thing-command command to send a command to your managed thing.

    send-managed-thing-command example

    json=$(jq -cr '.|@json') <<EOF [ { "endpointId": "1", "capabilities": [ { "id": "matter.OnOff@1.4", "name": "On/Off", "version": "1", "actions": [ { "name": "Toggle", "parameters": {} } ] } ] } ] EOF aws iot-managed-integrations send-managed-thing-command \ --managed-thing-id "DEVICE_MANAGED_THING_ID" --endpoints "ENDPOINT_ID"
    Note

    This example uses jq cli to but you can also pass the entire endpointId string

    Response:

    { "TraceId": "TRACE_ID" }

    For more information, see the send-managed-thing-command command in the managed integrations AWS CLI Command Reference.

Step 7: Remove the managed thing from your hub

Clean up your hub by removing the managed thing.

To delete a managed thing
  • Use the delete-managed-thing command to remove a managed thing from your device hub.

    delete-managed-thing example

    aws iot-managed-integrations delete-managed-thing \ --identifier "DEVICE_MANAGED_THING_ID"

    For more information, see the delete-managed-thing command in the managed integrations AWS CLI Command Reference.

    Note

    If the device is stuck in a DELETE_IN_PROGRESS state, append the --force flag to the delete-managed-thing command.

    Note

    For Z-wave devices, you need to put the device into pairing mode after executing the command.