Consider frequency band selection and add necessary IAM role - AWS IoT Wireless

Consider frequency band selection and add necessary IAM role

Before you add your gateway to AWS IoT Core for LoRaWAN, we recommend that you consider the frequency band in which your gateway will be operating and add the necessary IAM role for connecting your gateway to AWS IoT Core for LoRaWAN.


If you're adding your gateway using the console, click Create role in the console to create the necessary IAM role so you can then skip these steps. You need to perform these steps only if you're using the CLI to create the gateway.

Consider selection of LoRa frequency bands for your gateways and device connection

AWS IoT Core for LoRaWAN supports EU863-870, US902-928, AU915, and AS923-1 frequency bands, which you can use to connect your gateways and devices that are physically present in countries that support the frequency ranges and characteristics of these bands. The EU863-870 and US902-928 bands are commonly used in Europe and North America, respectively. The AS923-1 band is commonly used in Australia, New Zealand, Japan, and Singapore among other countries. The AU915 is used in Australia and Argentina among other countries. For more information about which frequency band to use in your region or country, see LoRaWAN® Regional Parameters.

LoRa Alliance publishes LoRaWAN specifications and regional parameter documents that are available for download from the LoRa Alliance website. The LoRa Alliance regional parameters help companies decide which frequency band to use in their region or country. AWS IoT Core for LoRaWAN's frequency band implementation follows the recommendation in the regional parameters specification document. These regional parameters are grouped into a set of radio parameters, along with a frequency allocation that is adapted to the Industrial, Scientific, and Medical (ISM) band. We recommend that you work with the compliance teams to ensure that you meet any applicable regulatory requirements.

Add an IAM role to allow the Configuration and Update Server (CUPS) to manage gateway credentials

This procedure describes how to add an IAM role that will allow the Configuration and Update Server (CUPS) to manage gateway credentials. Make sure you perform this procedure before a LoRaWAN gateway tries to connect with AWS IoT Core for LoRaWAN; however, you need to do this only once.

Add the IAM role to allow the Configuration and Update Server (CUPS) to manage gateway credentials
  1. Open the Roles hub of the IAM console and choose Create role.

  2. If you think that you might have already added the IoTWirelessGatewayCertManagerRole role, in the search bar, enter IoTWirelessGatewayCertManagerRole.

    If you see an IoTWirelessGatewayCertManagerRole role in the search results, you have the necessary IAM role. You can leave the procedure now.

    If the search results are empty, you don't have the necessary IAM role. Continue the procedure to add it.

  3. In Select type of trusted entity, choose Another AWS account.

  4. In Account ID, enter your AWS account ID, and then choose Next: Permissions.

  5. In the search box, enter AWSIoTWirelessGatewayCertManager.

  6. In the list of search results, select the policy named AWSIoTWirelessGatewayCertManager.

  7. Choose Next: Tags, and then choose Next: Review.

  8. In Role name, enter IoTWirelessGatewayCertManagerRole, and then choose Create role.

  9. To edit the new role, in the confirmation message, choose IoTWirelessGatewayCertManagerRole.

  10. In Summary, choose the Trust relationships tab, and then choose Edit trust relationship.

  11. In Policy Document, change the Principal property to look like this example.

    "Principal": { "Service": "" },

    After you change the Principal property, the complete policy document should look like this example.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "" }, "Action": "sts:AssumeRole", "Condition": {} } ] }
  12. To save your changes and exit, choose Update Trust Policy.

You’ve now created the IoTWirelessGatewayCertManagerRole. You won’t need to do this again.

If you performed this procedure while you were adding a gateway, you can close this window and the IAM console and return to the AWS IoT console to finish adding the gateway.