Connecting a LoRaWAN Gateway to AWS IoT Core

Chloe McAree

Integrating a LoRaWAN gateway with AWS IoT Core for LoRaWAN can feel intimidating. For my examples throughout this blog, I am going to be using a Tektelic Kona Micro gateway.

This blog walks you through the process, from upgrading firmware to seeing your first uplinks, based on a real-world implementation.

AWS IoT Core for LoRaWAN helps you connect and manage wireless LoRaWAN (low-power long-range Wide Area Network) devices and replaces the need for you to develop and operate an LNS (LoRaWAN Network Server).

Connecting a Gateway

AWS recommends that you use a qualified gateway so that you don’t have to modify the embedded software for connecting the gateways to AWS IoT Core.

Here is a list of gateway providers that are qualified for AWS IoT Core. If you click into one, you can see all the products they support, and our Kona Micros are on the list – AWS Partner Solutions Finder

LoRa Basics Station

AWS IoT Core for LoRaWAN supports only gateways running the LoRa Basics Station protocol over WSS (WebSocket Secure). Legacy Semtech UDP Packet Forwarders are not compatible.

By default, older KONA Micro gateways ship with the UDP Packet Forwarder. To connect them to AWS, you may need to upgrade your gateway’s firmware and install Basics Station; then you can configure the AWS certificates and endpoints.

First check if the gateway already has Basics Station on it:

If you run the following command:

`ps | grep station`

You should see something like:

`1234 root /opt/basicstation/station`

If you do, it means Basics Station is already running.

If you don’t, you are going to have to install it. It is worth consulting the knowledge hub for your specific gateway to see how to install Basics Station. I was able to get documentation from Tektelic, which instructed me to first upgrade the firmware of my gateway – this process will vary depending on what type of gateway you have and if an upgrade is required or not.

Configuring Gateway with AWS IoT Core

Log into the AWS Console and navigate to AWS IoT Core:

In the left navigation pane, under “LPWAN devices”, select “Gateways”.

Once you select “Add Gateway”, you will need to fill out the following values:

  1. The gateway’s EUI (Extended Unique Identifier): a 16-digit alphanumeric code used to identify your gateway on the network. This code is typically found on the gateway itself or in the documentation that comes with your gateway.
  2. The Frequency Band (RFRegion): This depends on which country your gateway is for and where the gateway will be physically connecting from. Your options are US915, EU868, AU915, or AS923-1.
  3. Name: This name is just an identifier for you within the AWS console, so you can visually tell it apart from other gateways you are commissioning.
  4. Description: This lets you add any more information about your gateway, which can be useful for describing its physical location, e.g. Floor 1, build x.

Once you have all of the details filled out for the gateway, you can finalise it all by selecting “Add Gateway”.

On the next screen you will be asked to configure your gateway:

Under “Gateway certificate”, select “Create certificate” and download all the files. Rename the xxxx.cert.pem file to cups.crt and xxxx.private.key to cups.key.

You will then need to duplicate your cups.key file and name it tc.key and duplicate the cups.crt and name it tc.crt.

Under “Provisioning credentials”, select “Download server trust certificates” and keep them in a secure location. Keep your cups.trust file as is and rename the lns.trust file to tc.trust.

Finally, copy the CUPS and LNS endpoints that are displayed (I’ve redacted mine out of the screenshot above) and save them for use while configuring the gateway. With those endpoints saved, create two new files:

  1. Create cups.uri file with CUPS Endpoint URL, e.g. https://EXAMPLE.cups.REGION.amazonaws.com:443
  2. Create tc.uri file with LNS Endpoint URL, e.g. wss://EXAMPLE.gateway.lorawan.REGION.amazonaws.com:443

 

There are a lot of files included in those last few steps, so here is a roundup of all the files you should have now. There should be 8 files in total:

  1. cups.uri
  2. cups.trust
  3. cups.key
  4. cups.crt
  5. tc.uri
  6. tc.trust
  7. tc.key
  8. tc.crt

These files are used by the LoRa Basics Station software on the gateway to securely connect to AWS IoT Core.

Add AWS IoT config to Gateway

Copy all eight files onto the gateway, typically into the Basics Station configuration directory (commonly something like /etc/station/ or /opt/lora-station/, depending on vendor). Make sure the file ownership and permissions allow the station service to read them (usually root:root with 644 permissions is sufficient).
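A pre-flight check for the eight files before the station is restarted, added here as an example and not part of the original post or of any AWS or Tektelic tooling. The function names are hypothetical, the sample files are constructed placeholders, and flagging group- or world-readable .key files (suggesting 600) is this example's assumption, workable where the station process runs as root.

```shell
#!/bin/sh
# Added example: pre-flight check of the eight Basics Station files.
# Function names are hypothetical; sample contents are constructed placeholders.

# check_station_files DIR: prints one line per problem, returns 0 if none.
check_station_files() {
    dir=$1; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # 1. All eight files exist and are non-empty.
    for f in cups.uri cups.trust cups.key cups.crt tc.uri tc.trust tc.key tc.crt; do
        [ -s "$dir/$f" ] || fail "$f is missing or empty"
    done
    # 2. CUPS is reached over HTTPS, the LNS over secure WebSocket (WSS).
    case $(cat "$dir/cups.uri" 2>/dev/null) in
        https://*) ;; *) fail "cups.uri must start with https://" ;;
    esac
    case $(cat "$dir/tc.uri" 2>/dev/null) in
        wss://*) ;; *) fail "tc.uri must start with wss://" ;;
    esac
    # 3. tc.key and tc.crt are byte-for-byte copies of the cups files.
    for ext in key crt; do
        cmp -s "$dir/cups.$ext" "$dir/tc.$ext" 2>/dev/null || fail "tc.$ext differs from cups.$ext"
    done
    # 4. Assumption of this example: private keys should not be readable by
    #    group or others (600 works when the station runs as root).
    for f in cups.key tc.key; do
        if [ -n "$(find "$dir/$f" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
            fail "$f is readable by group/others; consider chmod 600"
        fi
    done
    [ "$problems" -eq 0 ]
}

# make_sample DIR: builds constructed placeholder files (not real credentials).
make_sample() {
    mkdir -p "$1"
    echo "https://EXAMPLE.cups.REGION.amazonaws.com:443" > "$1/cups.uri"
    echo "wss://EXAMPLE.gateway.lorawan.REGION.amazonaws.com:443" > "$1/tc.uri"
    for f in cups.trust tc.trust cups.crt cups.key; do
        echo "constructed placeholder for $f" > "$1/$f"
    done
    cp "$1/cups.crt" "$1/tc.crt"; cp "$1/cups.key" "$1/tc.key"
    chmod 644 "$1"/*.uri "$1"/*.trust "$1"/*.crt; chmod 600 "$1"/*.key
}

demo=$(mktemp -d) && make_sample "$demo"
check_station_files "$demo" && echo "OK: all eight files look consistent"
rm -rf "$demo"
```

To check a real set of files, call `check_station_files` with the directory that holds them in place of the constructed sample.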

Restart the station service so it loads the new configuration and establishes a secure WebSocket (tc.uri) connection to AWS IoT Core.

```
/etc/init.d/tektelic-bstn restart
/etc/init.d/pkt_fwd restart
```

Vendor-Specific Notes (Tektelic vs Others)

If you are setting up a Tektelic gateway, there are a few extra configuration steps required because Tektelic uses its own Tektelic Bridge software layer. In addition to copying the AWS files:

  1. In the `/etc/default/config.json` file, confirm the setting:

```
"server_address": "127.0.0.1"
```

This routes traffic through the local bridge rather than directly to AWS.

  2. Under the “gateway-conf” section, ensure this is present:

```
"report_count": 1
```

This ensures uplinks are forwarded immediately.

Depending on your firmware version, you may also need to do the following:

  • Comment out the url line in /etc/default/tektelic-bridge.ns.toml.
  • Uncomment the url line in /etc/default/tektelic-bridge.oam.toml.

After these changes, restart the Tektelic services (tektelic-bridge and tektelic-pktfwd).

```
/etc/init.d/tektelic-bstn restart
/etc/init.d/pkt_fwd restart
```

For non-Tektelic gateways (e.g., Multitech, RAK, Kerlink, Mikrotik), you don’t need to touch any config.json or tektelic-bridge.*.toml files. These vendors generally run LoRa Basics Station natively and will connect directly to AWS using only the eight AWS files above.

Once the service is restarted/you have rebooted your gateway, you should see log entries showing successful TLS handshake and a connected state. From there, your gateway is ready to forward uplinks and receive downlinks via AWS IoT Core.

Now if you go back to AWS, you should see the gateway’s status changed to “Connected”.

If it is not showing as connected, you can SSH back onto the gateway and look at the Basics Station logs by running:

```
tail -f /var/log/bstn.log
```

It is also worth checking the following log file:

```
tail -n 200 /var/log/pkt_fwd.log
```

 

Now that your gateway is set up, you will want to understand how to consume and decode the payloads from your end devices.

Check out my next blog in the series here.
