Use simple setup to onboard and operate devices

Set up your devices to be onboarded to your managed integrations hub by creating a managed thing and connecting it to your hub. This section describes the steps to complete the device onboarding process using simple setup.

Prerequisites

Complete these steps before attempting to onboard a device:

Onboard a hub device to the managed integrations hub.
Install the latest version of AWS CLI from the Managed Integrations AWS CLI Command Reference
Subscribe to DEVICE_LIFE_CYCLE event notifications.

Setup steps

Step 1: Create a credential locker
Step 2: Add the credential locker to your hub
Step 3: Create a managed thing with credentials.
Step 4: Plug in the device and check its status.
Step 5: Get Device Capabilities
Step 6: Send a command to the managed thing
Step 7: Remove the managed thing from your hub

Step 1: Create a credential locker

Create a credential locker for your device.

To create a credential locker

Use the create-credential-locker command. Executing this command will trigger the creation of all manufacturing resources including the Wi-Fi setup key pair and device certificate.

create-credential-locker example
```
aws iot-managed-integrations create-credential-locker \
  --name "DEVICE_NAME"
```
Response:
```
{    
  "Id": "LOCKER_ID"
  "Arn": "arn:aws:iotmanagedintegrations:AWS_REGION:AWS_ACCOUNT_ID:credential-locker/LOCKER_ID
  "CreatedAt": "2025-06-09T13:58:52.977000+08:00"
}
```
For more information, see the create-credential-locker command in the managed integrations AWS CLI Command Reference.

Step 2: Add the credential locker to your hub

Add the credential locker to your hub.

To add a credential locker to your hub

Use the following command to add a credential locker to your hub.


aws iotmi --region AWS_REGION --endpoint AWS_ENDPOINT update-managed-thing \
--identifier "HUB_MANAGED_THING_ID" --credential-locker-id "LOCKER_ID"

Step 3: Create a managed thing with credentials.

Create a managed thing with credentials for your device. Each device requires its own managed thing.

To create a managed thing

Use the create-managed-thing command to create a managed thing for your device.

create-managed-thing example


#ZWAVE: 
aws iot-managed-integrations create-managed-thing --role DEVICE \
--authentication-material '900137947003133...' \ #auth material from zwave qr code
--authentication-material-type ZWAVE_QR_BAR_CODE \
--credential-locker-id ${locker_id}

#ZIGBEE:
aws iot-managed-integrations create-managed-thing --role DEVICE \
--authentication-material 'Z:286...$I:A4DC00.' \ #auth material from zigbee qr code
--authentication-material-type ZIGBEE_QR_BAR_CODE \
--credential-locker-id ${locker_id}

Note

There are separate commands for Z-wave and Zigbee devices.

Response:


{    
  "Id": "DEVICE_MANAGED_THING_ID"
  "Arn": "arn:aws:iotmanagedintegrations:AWS_REGION:AWS_ACCOUNT_ID:managed-thing/DEVICE_MANAGED_THING_ID"
  "CreatedAt": "2025-06-09T13:58:52.977000+08:00"
}

For more information, see the create-managed-thing command in the managed integrations AWS CLI Command Reference.

Step 4: Plug in the device and check its status.

Plug in the device and check its status.

Use the get-managed-thing command to check your device's status.

get-managed-thing example


#KINESIS NOTIFICATION:
{
    "version": "1.0.0",
    "messageId": "4ac684bb7f4c41adbb2eecc1e7991xxx",
    "messageType": "DEVICE_LIFE_CYCLE",
    "source": "aws.iotmanagedintegrations",
    "customerAccountId": "12345678901",
    "timestamp": "2025-06-10T05:30:59.852659650Z",
    "region": "us-east-1",
    "resources": ["XXX"],
    "payload": {
        "deviceDetails": {
            "id": "1e84f61fa79a41219534b6fd57052XXX",
            "arn": "XXX",
            "createdAt": "2025-06-09T06:24:34.336120179Z",
            "updatedAt": "2025-06-10T05:30:59.784157019Z"
        },
        "status": "ACTIVATED"
    }
}
aws iot-managed-integrations get-managed-thing \
--identifier :"DEVICE_MANAGED_THING_ID"

Response:


{    
  "Id": "DEVICE_MANAGED_THING_ID"
  "Arn": "arn:aws:iotmanagedintegrations:AWS_REGION:AWS_ACCOUNT_ID:managed-thing/MANAGED_THING_ID"
  "CreatedAt": "2025-06-09T13:58:52.977000+08:00"
}

For more information, see the get-managed-thing command in the managed integrations AWS CLI Command Reference.

Step 5: Get Device Capabilities

Use the get-managed-thing-capabilities command to obtain your endpoint ID and view a list of possible actions for your device.

To get a device's capabilities

Use the get-managed-thing-capabilities command and note the endpoint ID.

get-managed-thing-capabilties example


aws iotmi get-managed-thing-capabilities \
--identifier "DEVICE_MANAGED_THING_ID"

Response:


{    
    "ManagedThingId": "1e84f61fa79a41219534b6fd57052cbc",
    "CapabilityReport": {
        "version": "1.0.0",
        "nodeId": "zw.FCB10009+06",
        "endpoints": [
            {
                "id": "ENDPOINT_ID"
                "deviceTypes": [
                    "On/Off Switch"
                ],
                "capabilities": [
                    {
                        "id": "matter.OnOff@1.4",
                        "name": "On/Off",
                        "version": "6",
                        "properties": [
                            "OnOff"
                        ],
                        "actions": [
                            "Off",
                            "On"
                        ],
                        "events": []
                    }
                    ...
}

For more information, see the get-managed-thing-capabilities command in the managed integrations AWS CLI Command Reference.

Step 6: Send a command to the managed thing

Use the send-managed-thing-command command to send a toggle action command to your managed thing.

To send a command to your managed thing

Use the send-managed-thing-command command to send a command to your managed thing.

send-managed-thing-command example


json=$(jq -cr '.|@json') <<EOF
[
  {
    "endpointId": "1",
    "capabilities": [
      {
        "id": "matter.OnOff@1.4",
        "name": "On/Off",
        "version": "1",
        "actions": [
          {
            "name": "Toggle",
            "parameters": {}
          }
        ]
      }
    ]
  }
]
EOF
aws iot-managed-integrations send-managed-thing-command \
--managed-thing-id "DEVICE_MANAGED_THING_ID" --endpoints "ENDPOINT_ID"

Note

This example uses jq cli to but you can also pass the entire endpointId string

Response:


{    
"TraceId": "TRACE_ID"
}

For more information, see the send-managed-thing-command command in the managed integrations AWS CLI Command Reference.

Step 7: Remove the managed thing from your hub

Clean up your hub by removing the managed thing.

To delete a managed thing

Use the delete-managed-thing command to remove a managed thing from your device hub.

delete-managed-thing example
```
aws iot-managed-integrations delete-managed-thing \
--identifier "DEVICE_MANAGED_THING_ID"
```
For more information, see the delete-managed-thing command in the managed integrations AWS CLI Command Reference.

Note
If the device is stuck in a DELETE_IN_PROGRESS state, append the --force flag to the delete-managed-thing command.

Note
For Z-wave devices, you need to put the device into pairing mode after executing the command.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Onboard devices and operate them in hub

User guided setup to onboard and operate devices