Skip to content

Configure AWS integration#

Follow this section to integrate your AWS services with Coiote IoT DM.


  • An active AWS subscription with access to IoT Core, CloudFormation, CloudWatch, Lambda and Secrets Manager in supported regions.
  • Installed AWS CLI.
  • A Coiote IoT DM user account with the awsiottenant role.


    It's recommended to create a Coiote IoT DM user account dedicated exclusively for the integration. Note that the integration will work correctly only until the user with the awsiottenant role exists in Coiote IoT DM and the AWS CloudFormation stack is appropriately configured.

Supported regions#

  • eu-central-1
  • eu-north-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2

If you cannot find your region, please create a GitHub issue or contact AVSystem.

Create a Coiote IoT DM REST user#

To start integrating AWS with Coiote IoT DM, you first need to create a user account that will be used to authorize and authenticate API calls from AWS in Coiote IoT DM. To do that:

  1. Go to your Coiote IoT DM account and from the Administration menu, select Users management.
  2. Select Add user and fill in the form: Add user button
    • Provide Email for new user (which will be its username) and select your domain from the Domain path drop-down list.
    • Remember to switch on the User Verified and User Enabled toggle buttons.
    • In the Client Roles fields, pick the Coiote IoT DM client and awsiottenant role. Add REST user
    • Click Save.
    • Go to the Credentials tab, type a password for your user (twice), select Set password, then confirm by clicking Set password in the pop-up.

Copy tasks and provide credentials for your device group in Coiote IoT DM#

The Coiote IoT DM-side configuration of the integration is located in the dedicated AWSiotCoreCertAuth device group. To complete this side of the integration, log in as the user with the awsiottenant role (only if that user was created in the Root Domain. If not, they can not access the root groups and the tasks have to be copied from the Cloud admin account.). Then follow the steps below:

  1. Go to the Device groups panel and select a group:
    • For the default setting, select the AWSiotCoreCertAuth group which already contains all the necessary tasks and setting values.
    • Alternatively, create a new group and migrate the required tasks and setting values:
      • Select the Add button, name your group and click Add. Add group button
      • Migrate all the five tasks that have the AWS prefix in their task name:
        • Select the AWSiotCoreCertAuth group and go to Group tasks, select the first AWS task and click Copy. Copy task
        • In the pop-up window, click Select group in the Task target field and choose your custom integration group from the list.
        • Important

          Remember to select the Domain of the user you created earlier.
        • In the Actions field, select Add new task. Copy task pop-up
        • Repeat the action for the remaining four tasks.
      • Migrate the AWSdataPlaneEndpointAddress setting value:
        • Select your custom integration group and go to Profiles, then select Copy from. Copy setting values
        • In the pop-up window, click Select group and select the AWSiotCoreCertAuth group.
        • Pick the AWSdataPlaneEndpointAddress setting value from the list by checking it in the Selected column, then click Copy. Copy setting values pop-up
  2. Enter your AWS Endpoint Name in Coiote IoT DM:
    • Go to Device groups, select your custom integration group (or the AWSiotCoreCertAuth group, depending on the previous step) and go to Profiles. Complete the AWS setting value:
    • Open your command line and run the following command:
      aws iot describe-endpoint --endpoint-type iot:Data-ATS --region <desired-region-for-the-integration>
    • Copy the returned result. Copy data plane endpoint address
    • In Coiote IoT DM, go to the Profiles tab of your integration group and paste the result as the value for AWSdataPlaneEndpointAddress.
    • Append :8443 port to the pasted value.
    • Click Save.
  3. Optionally, you may now add your LwM2M devices to the integration device group so that they are ready once the integration setup is complete.

Add AWS resources using the integration repository#


To complete this step, make sure you have the appropriate AWS permissions to enter the CloudFormation service and create a stack (for details, see the AWS CloudFormation User Guide).

To add the resources needed for the integration to your AWS services:

  1. Go to the AWS Console page ( and sign in. Make sure that you are in the right region. From the list of services, select CloudFormation .
  2. Create a new stack. Use the template of Amazon S3 URL from below and change placeholders [REGION-NAME] to the one you use and is supported.
    Choose template file
  3. Choose a name for the stack and provide the parameters:


    The credentials you provide at this point should belong to the user with access to the Coiote IoT DM group which stores the AWS configuration set in a previous step.

    • coioteDMrestUsername - username of the created Coiote IoT DM account.
    • coioteDMrestPassword - password of the created Coiote IoT DM account.
    • coioteDMrestUri - URL address and port of your Coiote IoT DM installation. The port should always be 8088 to enable proper mTLS-based authentication.


      For some installations, port is not required. If you don't know what port to choose, contact our support.

      Change stack parameters

  4. Finalize configuring the stack and wait for its creation to finish.

  5. Once the stack is created successfully, the devices in your integration group will be automatically migrated to the AWS IoT Core.
  6. To check if your integration works correctly, go to AWS IoT Core, and from the menu, select Manage > Things, then see if your devices are listed as in here: Migrated things

Next steps#

To learn how to perform operations on your devices, please see the Performing LwM2M operations chapter.

Removing the integration#

To remove the integration of AWS and Coiote IoT DM, follow the following steps:

  1. In Coiote IoT DM remove all the devices from the AWSiotCoreCertAuth group.
  2. Go to the CloudFormation service in AWS and select the stack that was created while setting up the integration.
  3. Delete the stack. Delete stack
  4. Go to the S3 service in AWS and select the bucket with the lambda code files.
  5. Delete the files. Delete files

Last update: July 19, 2023