AWS IoT provides secure and bi-directional communication between end devices (such as sensors, actuators, embedded micro-controllers, smart appliances) and the AWS Cloud. This document will explain how to connect Milesight LoRaWAN gateway to AWS via MQTT protocol.


  • Milesight UG85/UG87 LoRaWAN gateway (Firmware version: 80.0.0.x or not less than )


1. AWS Configuration

2. Gateway Configuration

3. Data visualization in AWS

AWS Configuration

Create a Thing

1. Log in AWS account. 

2. Go to “Manage > Things” and click “Create” button to create a thing.

3. Click “Create a single thing”.

4. Name the thing and click “Next”.

5. Select either “ Create certificate” or “Create thing without certificate”.

Create Certificates

Note: Skip this section if you choose “Create certificate”  in last section or you already have AWS certificates.

1. Go to “Secure > Certificates” and click “Create” to create certificates.

2. After certificates have been created, download all certificates and click “Activate”.

3. Click “download”root CA, you will be lead to AWS IoT Developer Guide. Go to “Security > Authentication > Server Authentication” and read the guide about CA certificate. Then click “Amazon Root CA 1” and copy the code to create a ca.pem.


CA certificates have an expiration date after which they cannot be used to validate a server's certificate. CA certificates are needed to be replaced after expiration date in order to ensure ongoing connectivity and to keep up to date with security best practices.

Here are all certificates for device connection:

Create Policy

1. Go to “Secure > Policies” and click “Create” to create a policy.

2. Name the policyand add statements as shown below.

3. Click the three dots on the certificates we created in last section and select “Attach Policy”.

4. Choose and attach the policy we created for gateway.

Note: Click certificates to check if correct policy and thing are attached.

Gateway Configuration

1. Connect UG8x gateway to the Internet. Refer to guide How to Connect Milesight Gateway to the Internet for more details.

2. Go to “Network Server> General” to enable network server mode. 

Note: If firmware version is higher than, go to “Packet Forwarder > General” to enable Milesight type server.

3. Go to “Network Server > Application”to add an application, then add a data transmission type “MQTT”.

4. Fill in AWS information and import certificates, then save the configuration.

  • Broker address: It can be found on “AWS web GUI >Settings > Endpoint”.
  • Broker Port: 8883
  • Client ID: AWS Thing name
  • TLS mode: Self signed certificates
  • Key file: ca.pem, certificate.pem.crt, private.pem.key

Data Visualization in AWS

1. Go to “AWS Web GUI> Test” page.


Green sign on the top right corner: Gateway is configured correctly and successfully connected.

Red sign on the top right corner: Gateway is not connected. MQTT connection error.

2. Subscribe the topic of gateway.

3. Check the details of LoRaWAN data from gateway.