This guide introduces the steps to take in purpose of connecting Milesight IoT LoRaWAN end-devices to AWS IoT Core for LoRaWAN. If you don’t have an AWS account, refer to the instructions in the guide here.

The high-level steps to get started with AWS IoT Core for LoRaWAN are as follows:

  1. Add LoRaWAN gateway on AWS IoT Link
  2. Add the end-device

These steps are detailed below. For additional help, refer to the AWS LoRaWAN developer guide.

Once setup is completed, provisioned devices can join the network and start to send messages. Messages from devices can then be received by AWS IoT Core for LoRaWAN and forwarded to the IoT Rules Engine.


  • An AWS account
  • LoRaWAN gateway (e.g., UG56, UG6x) that’s already connected to AWS IoT for LoRaWAN
  • Milesight LoRaWAN end device whose frequency plan matches the gateway’s LoRaWAN region
  • MAC Version. This must be one of the following that are supported on AWS (By default, Milesight devices use v1.0.3)
    • 1.0.2
    • 1.0.3
  • Activation method to use (By default, Milesight devices use OTAA v1.0.x)
    • OTAA v1.0.x
    • ABP v1.0.x
  • Copy the following information from device’s payload structure on Milesight IoT document center:
    • For OTAA v1.0.x devices: DevEUI, AppKey, AppEUI
    • For ABP v1.0.x devices: DevEUI, DevAddr, NwkSkey, AppSkey


Add IAM role for Destination to AWS IoT Core for LoRaWAN

Create a policy that gives the role permissions to describe the IoT endpoint and publish messages to AWS IoT.

1. Go to the IAM console, choose Policies from the navigation panel, Choose Create Policy

  • Then choose the JSON tab to open the policy editor. Replace the existing template with this trust policy document:
      "Version": "2012-10-17", 
      "Statement": [
        "Effect": "Allow", 
        "Resource": "*"

  • Clink Next, enter a name of the policy. For Description, enter a description of your choice.
  • Choose Create policy. You will see a confirmation message indicating that the policy has been created.

2. In the IAM console, choose Create Role.

  • Choose AWS account and This account, click Next.
  • Search for the IAM policy you just created by entering the policy name in the search bar, click Next.
  • For Role name, enter an appropriate name of your choice. In this article we use MilesightRole. For Description, enter a description of your choice.
  • Choose Create role. You will see a confirmation message indicating that your role has been created.

3. In the Roles page, choose MilesightRole to edit the role.

  • Choose the Trust relationships tab to navigate to the Trust relationships page, then choose Edit trust policy

  • The principal AWS role in your trust policy document defaults to root, and must be changed. Replace the existing policy with this:
  • {
      "Version": "2012-10-17",
      "Statement": [
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "Service": ""
        "Action": "sts:AssumeRole",
        "Condition": {}

  • Choose Update Trust Policy to save your changes and exit.

Set up a Destination for device traffic

Since most LoRaWAN devices don't send data to AWS IoT Core for LoRaWAN in a format that can be consumed by AWS services, traffic must firstly be sent to a Destination. A Destination represents the AWS IoT rule that processes a device's data for use by AWS services. This AWS IoT rule contains the SQL statement that selects the device's data and the topic rule actions that send the result of the SQL statement to the services that will use it. For more information on Destinations, refer to the AWS LoRaWAN developer guide.

1. Navigate to Manage > LPWAN devices > Destinations page, choose Add destination.

  • Enter ProcessLoRa as the Destination name, and an appropriate description under Destination description – optional.
  • For Rule name enter LoRaWANRouting. Ignore the section Rules configuration – Optional for now.

NOTE: The name can be anything. For getting started and consistency, choose above names for the first integration with AWS IoT Core for LoRaWAN.

  • In the Permissions section select the IAM role you had created earlier from the drop-down.
  • Choose Add Destination. You will see a message “Destination added”, indicating the destination has been successfully added.

Verify Profiles

AWS IoT Core for LoRaWAN supports device profiles and service profiles. Device profiles contain the communication and protocol parameter values the device needs to communicate with the network server. Service profiles describe the communication parameters the device needs to communicate with the application server.

Some pre-defined profiles are available for device and service profiles. Before proceeding, verify that these profile settings match the devices you will be setting up to work with AWS IoT Core for LoRaWAN.

1. Navigate to the AWS IoT console. In the navigation pane, choose Manage > LPWAN devices > Profiles, click Add device profile.

  • Take Milesight devices for example:
    • MacVersion is 1.0.2 or 1.0.3
    • RegParamsRevision Regional Parameters v1.0.2rB
    • Supports Class B or Class C depending on device work mode
    • Enable SupportsJoin if join type is OTAA

Click Add device profile to save the profile.

2. Click Add service profile and set up the parameters as needed. Proceed only if you have a device and service profile that will work for you.

  • In the Service Profiles section, name the service profile and configure as required, then click Add service profile to save the profile.

Register the Device

Now register an endpoint device with AWS IoT Core for LoRaWAN as follows:

  • Go to the AWS IoT console, navigate to Manage > LPWAN devices > Devices page, choose Add wireless device
  • Under LoRaWAN specification and wireless device configuration, select the LoRaWAN specification version as OTAA v1.0.x or ABP v1.0.x in the drop-down, enter the DevEUI and other keys. Note that please select AppEUI. The default App EUI is 24E124C0002A0001, and default AppKey is 5572404c696e6b4c6f52613230313823. 
  • In the Profiles section, select the device profile and service profile from a drop-down list. 

NOTE: Compare your device details to ensure the device profile is correct. If there are no valid default options, you will have to create a new profile (see the section Verify Profiles).

  • Choose the destination you created earlier (ProcessLoRa) from the drop-down under Choose destination, then choose Next
  • Choose Add device
  • You will see a message saying “Wireless device added”, indicating that your device has been set up successfully.
  • Refresh the page to load Last uplink received time.

Create lambda function for destination rule

Create the lambda function to process device messages processed by the destination rule.

1. Go to the AWS Lambda console, click on Functions in the navigation pane, click on Create function.

  • Select Author from scratch. Under Basic information, enter the function name “am100decoder” for instance and choose Node.js 14.x. from the drop-down under Runtime.
  • Click on Create function.

2. Click the function you created, Under Code tab, follow the guide of README from this link to make the index.js code.

  • The endpoint can be found on AWS IoT console > Settings page.
  • Replace last part as xxxx_TTN.js decoder.
  • Once the code has been pasted, choose Deploy to deploy the lambda code.

3. Click Test and select Configure test event.

  • Select Create New event, enter an event name
  • Copy the following AM107 sample payload and paste in the area under Event name:
    "WirelessDeviceId": "ab35b5ec-00b6-4c02-9bec-1e4efa4c7ba1",
    "PayloadData": "A2cHAQRocgZlRABeAVAABWosAAd9ZgIIfQwACXN5Jw==",
    "WirelessMetadata": {
        "LoRaWAN": {
            "DataRate": "2",
            "DevEui": "24e124128a390388",
            "FCnt": 65,
            "FPort": 85,
            "Frequency": "865500000",
            "Gateways": [{
                "GatewayEui": "24e124fffef128ea",
                "Rssi": -33,
                "Snr": 10.5
           "Timestamp": "2021-03-16T07:37:18Z"

  • Click Save changes to save the event.

Note: this can also be added Under Test tab.

4.  Click on Test in the Lambda function page to generate the test event you just created

After deploying the code, you need to change the lambda role policy permission as following steps:

5. Navigate to Configuration > Permissions tab of the lambda function

  • Under Execution role, click on the Role name to go to the IAM Roles page
  • On the Permissions tab, find the policy name and click on it
  • On the Permissions tab, choose Edit
  • choose the JSON tab, append the following to the Statement section of the policy to allow publishing to AWS IoT.
  "Effect": "Allow",
  "Action": [
"Resource": [

  • Choose Next, then Save changes.

6. Navigate to the AWS IoT Core console, choose Test on the navigation pane, and select MQTT test client.

  • Configure the MQTT test client to subscribe to “#” (all topics)
  • Verify the published data in the AWS IoT Core MQTT Test client

1. Go to the AWS IoT console, navigate to Manage > LPWAN devices > Devices page, choose the device you created.



2. Choose Queue downlink message.


Type the Fport (85 by default for Milesight devices) and downlink command (base64 format), click Submit. The downlink commands can be found on user guides or protocol document of Milesight devices.