Skip to content

Configuring the integration#

Follow this section to integrate your AWS services with Coiote DM.


Create a Coiote DM REST user#

To start integrating AWS with Coiote DM, you first need to create a user account that will be used to authorize and authenticate API calls from AWS in Coiote DM. To do that:

  1. Go to your Coiote DM account and from the Administration menu, select Users management.
  2. Select Add user and in fill in the form: Add user button
    • Provide Email for new user (which will be its username) and select your domain from the Domain path drop-down list.
    • Remember to switch on the User Verified and User Enabled toggle buttons.
    • In the Client Roles fields, pick the CoioteDM client and cloudtenant role. Add REST user
    • Click Save.
    • Go to the Credentials tab, type a password for your user (twice), select Set password, then confirm by clicking Set password in the pop-up.

Copy tasks and provide credentials for your device group in Coiote DM#

The Coiote DM-side configuration of the integration is located in the dedicated AWSiotCore device group. To complete this side of the integration, log in as the user with the Cloud admin role and follow the steps below:

  1. Go to the Device groups panel and select a group:

    • For the default setting, select the AWSiotCore group which already contains all the necessary tasks and setting values.
    • Alternatively, create a new group and migrate the required tasks and setting values:
      • Select the Add button, name your group and click Add. Add group button
      • Migrate all the six tasks that have the AWS prefix in their task name:
        • Select the AWSiotCore group and go to Group tasks, select the first AWS task and click Copy. Copy task
        • In the pop-up window, click Select group in the Task target field and choose your custom integration group from the list.
        • Remember to select the Domain of the user you created earlier.
        • In the Actions field, select Add new task. Copy task pop-up
        • Repeat the action for the remaining five tasks.
      • Migrate all the five setting values that have the AWS prefix in their task name:
        • Select your custom integration group and go to Profiles, then select Copy from. Copy setting values
        • In the pop-up window, click Select group and select the AWSiotCore group.
        • Pick all the five AWS setting values from the list by checking them in the Selected column, then click Copy. Copy setting values pop-up
  2. Enter your AWS subscription credentials in Coiote DM:

    • Go to Device groups, select your custom integration group (or the AWSiotCore group, depending on the previous step) and go to Profiles. Complete the AWS setting values with your AWS credentials:
      • For AWSaccessKeyID and AWSsecretAccessKey:
        • Go to AWS Identity and Access Management, click Users and select your user name from the list.
        • Select the Security credentials tab and, under the Access keys section, click Create access key. Create access key button
        • Copy the generated Access key ID and Secret access key. Copy access key and ID
        • In Coiote DM, go to the Profiles tab of your integration group and paste the credentials as values for AWSaccessKeyID and AWSsecretAccessKey.
        • Click Save.
      • For AWSregion:
        • While in AWS IoT Core, click on your region name in the top navigation bar to expand the list of regions. Then, copy the hyphenated region name (e.g. us-east-1). Copy region name
        • In Coiote DM, go to the Profiles tab of your integration group and paste the region name as the value for AWSregion.
        • Click Save.
      • For AWScontrolPlaneEndpointAddress:
        • Go to AWS documentation:
        • From the Control Plane API Endpoints section, find the endpoint that matches your region (e.g. and copy it.
        • In Coiote DM, go to the Profiles tab of your integration group and paste the credentials as the value for AWScontrolPlaneEndpointAddress.
        • Click Save.
      • For AWSdataPlaneEndpointAddress:
        • Open your command line and run the following command:
          aws iot describe-endpoint --endpoint-type iot:Data-ATS
        • Copy the returned result. Copy data plane endpoint address
        • In Coiote DM, go to the Profiles tab of your integration group and paste the result as the value for AWSdataPlaneEndpointAddress.
        • Click Save.
  3. Optionally, you may now add your LwM2M devices to the integration device group so that they are ready once the integration setup is complete.

Add Coiote DM REST user credentials to AWS Secrets Manager#

  1. Go to the AWS Console page ( and sign in. Make sure that you are in the right region. Choose Secrets Manager from the services list.
  2. Create a new secret by clicking the Store a new secret button.
  3. From the group of secret types, select Other type of secrets. Selecting other type of secrets
  4. Provide credentials to your Coiote DM REST user created before as key/value pairs. Desired keys and related values are specified in the table below. To add a new pair, click + Add row.
Key Value description
url URL address and port of your Coiote DM installation. By default, it's
password Password for your Coiote DM REST user.
username Your Coiote DM REST user login (email address).

Provide Coiote DM credentials

  1. After adding the credentials, proceed by clicking Next.
  2. Set the secret name to coioteDMrest. Set secret name
  3. Go through creator's remaining steps the default and save your secret by clicking Store.

Add AWS resources using the integration repository#

All the AWS-side configuration needed for the integration to work is stored in a publicly available git repository (

To add the resources needed for the integration to your AWS services:

  1. Clone the repository into your local drive and check out on the coiote-aws-iot-cloud-formation branch:
    • Run your command line and paste the following commands:
      git clone --no-checkout
      cd iot-examples
      git sparse-checkout set coiote-aws-iot-cloud-formation
      git checkout main
      cd coiote-aws-iot-cloud-formation
  2. Use the Python package installer in command line to install all the required dependencies:
    python3 -m pip install -r lwm2mOperation/requirements.txt --target lwm2mOperation/
  3. If you want to create a new S3 bucket for the lambda code, use the following command:
    aws s3 mb s3://<your-bucket-name> --region <region-name, e.g. us-west-1>
  4. Package the code to your AWS S3 bucket and change the current CloudFormation template using the following command:
    aws cloudformation package --template-file cloudFormation.json --s3-bucket <your-bucket-name> --output-template-file output.json --use-json
  5. Go to the AWS Console page ( and sign in. Make sure that you are in the right region. From the list of services, select CloudFormation .
  6. Create a new stack. Use the generated output.json file as the template for the stack. Choose template file
  7. Choose a name for the stack. Change stack name
  8. Finalize configuring the stack and wait for its creation to finish.
  9. Once the stack is created successfully, the devices in your integration group will be automatically migrated to the AWS IoT Core.
  10. To check if your integration works correctly, go to AWS IoT Core, and from the menu, select Manage > Things, then see if your devices are listed as in here: Migrated things

Next steps#

To learn how to perform operations on your devices, please see the Performing LwM2M operations chapter.

Last update: October 28, 2021