# Onboard your devices to AWS IoT Core for LoRaWAN
After you have onboarded your gateway to AWS IoT Core for LoRaWAN and verified its connection status, you can onboard your wireless devices. For information about how to onboard your gateways, see [Onboard your gateways to AWS IoT Core for LoRaWAN](lorawan-onboard-gateways.md).
LoRaWAN devices use a LoRaWAN protocol to exchange data with cloud-hosted applications. AWS IoT Core for LoRaWAN supports devices that comply to 1.0.x or 1.1 LoRaWAN specifications standardized by LoRa Alliance.
A LoRaWAN device typically contains one or more sensors and actors. The devices send uplink telemetry data through LoRaWAN gateways to AWS IoT Core for LoRaWAN. Cloud-hosted applications can control the sensors by sending downlink commands to LoRaWAN devices through LoRaWAN gateways.
**Before onboarding your wireless device**
Before you onboard your wireless device to AWS IoT Core for LoRaWAN, you need to have the following information ready in advance:
+
**LoRaWAN specification and wireless device configuration**
Having the configuration parameters that are unique to each device ready to enter in advance makes entering the data into the console go more smoothly. The specific parameters that you need to enter depend on the LoRaWAN specification that the device uses. For the complete listing of its specifications and configuration parameters, see each device's documentation.
+
**Device name and description (optional)**
The information in these optional fields comes from how you organize and describe the elements in your wireless system. For more information about naming and describing your resources, see [Describing your AWS IoT Wireless resources](getting-started.md#iotwireless-describe-resources).
+
**Device and service profiles**
Have some wireless device configuration parameters ready that are shared by many devices and can be stored in AWS IoT Core for LoRaWAN as device and service profiles. The configuration parameters are found in the device's documentation or on the device itself. You'll want to identify a device profile that matches the configuration parameters of the device, or create one if necessary, before you add the device. For more information, see [Add profiles to AWS IoT Core for LoRaWAN](lorawan-define-profiles.md).
+
**AWS IoT Core for LoRaWAN destination**
Each device must be assigned to a destination that will process its messages to send to AWS IoT and other services. The AWS IoT rules that process and send the device messages are specific to the device's message format. To process the messages from the device and send them to the correct service, identify the destination you'll create to use with the device's messages and assign it to the device.
**Topics**
+ [Add your wireless device to AWS IoT Core for LoRaWAN](lorawan-end-devices-add.md)
+ [Add profiles to AWS IoT Core for LoRaWAN](lorawan-define-profiles.md)
+ [Add destinations to AWS IoT Core for LoRaWAN](lorawan-create-destinations.md)
+ [Create rules to process LoRaWAN device messages](lorawan-destination-rules.md)
+ [Connect your LoRaWAN device and verify its connection status](lorawan-device-connection-status.md)
# Add your wireless device to AWS IoT Core for LoRaWAN
If you're adding your wireless device for the first time, we recommend that you use the console. Navigate to the [AWS IoT Core for LoRaWAN](https://console.aws.amazon.com/iot/home#/wireless/landing) **Intro** page of the AWS IoT console, choose **Get started**, and then choose **Add device**. If you've already added a device, choose **View device** to view the gateway that you added. If you would like to add more devices, choose **Add device**.
Alternatively, you can also add wireless devices from the [ Devices](https://console.aws.amazon.com/iot/home#/wireless/devices) page of the AWS IoT console.
## Add your wireless device specification to AWS IoT Core for LoRaWAN using the console
Choose a **Wireless device specification** based on your activation method and the LoRaWAN version. Once selected, your data is encrypted with a key that AWS owns and manages for you.
**OTAA and ABP activation modes**
Before your LoRaWAN device can send uplink data, you must complete a process called *activation* or *join procedure*. To activate your device, you can either use OTAA (Over the air activation) or ABP (Activation by personalization).
ABP doesn't require a join procedure and uses static keys. When you use OTAA, your LoRaWAN device sends a join request and the Network Server can allow the request. We recommend that you use OTAA to activate your device because new session keys are generated for each activation, which makes it more secure.
**LoRaWAN version**
When you use OTAA, your LoRaWAN device and cloud-hosted applications share the root keys. These root keys depend on whether you're using version v1.0.x or v1.1. v1.0.x has only one root key, **AppKey** (Application Key) whereas v1.1 has two root keys, **AppKey** (Application Key) and **NwkKey** (Network Key). The session keys are derived based on the root keys for each activation. Both the **NwkKey** and **AppKey** are 32-digit hexadecimal values that your wireless vendor provided.
**Wireless Device EUIs**
After you select the **Wireless device specification**, you see the EUI (Extended Unique Identifier) parameters for the wireless device displayed on the console. You can find this information from the documentation for the device or the wireless vendor.
+ **DevEUI**: 16-digit hexademical value that is unique to your device and found on the device label or its documentation.
+ **AppEUI**: 16-digit hexademical value that is unique to the join server and found in the device documentation. In LoRaWAN version v1.1, the **AppEUI** is called as **JoinEUI**.
For more information about the unique identifiers, session keys, and root keys, refer to the [ LoRa Alliance](https://lora-alliance.org/about-lorawan) documentation.
## Add your wireless device specification to AWS IoT Core for LoRaWAN by using the API
If you're adding a wireless device using the API, you must create your device profile and service profile first before creating the wireless device. You'll use the device profile and service profile ID when creating the wireless device. For information about how to create these profiles using the API, see [Add a device profile by using the API](lorawan-define-profiles.md#lorawan-device-profile-api).
The following lists describe the API actions that perform the tasks associated with adding, updating, or deleting a service profile.
**AWS IoT Wireless API actions for service profiles**
+ [CreateWirelessDevice](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_CreateWirelessDevice.html)
+ [GetWirelessDevice](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetWirelessDevice.html)
+ [ListWirelessDevices](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_ListWirelessDevices.html)
+ [ UpdateWirelessDevice](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_UpdateWirelessDevice.html)
+ [DeleteWirelessDevice](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_DeleteWirelessDevice.html)
For the complete list of the actions and data types available to create and manage AWS IoT Core for LoRaWAN resources, see the [AWS IoT Wireless API reference](https://docs.aws.amazon.com/iot-wireless/latest/apireference/welcome.html).
**How to use the AWS CLI to create a wireless device**
You can use the AWS CLI to create a wireless device by using the [create-wireless-device](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/create-device-profile.html) command. The following example creates a wireless device by using an input.json file to input the parameters.
**Note**
You can also perform this procedure with the API by using the methods in the AWS API that correspond to the CLI commands shown here.
**Contents of input.json**
```
{
"Description": "My LoRaWAN wireless device",
"DestinationName": "IoTWirelessDestination",
"LoRaWAN": {
"DeviceProfileId": "ab0c23d3-b001-45ef-6a01-2bc3de4f5333",
"ServiceProfileId": "fe98dc76-cd12-001e-2d34-5550432da100",
"OtaaV1_1": {
"AppKey": "3f4ca100e2fc675ea123f4eb12c4a012",
"JoinEui": "b4c231a359bc2e3d",
"NwkKey": "01c3f004a2d6efffe32c4eda14bcd2b4"
},
"DevEui": "ac12efc654d23fc2"
},
"Name": "SampleIoTWirelessThing",
"Type": LoRaWAN
}
```
You can provide this file as input to the `create-wireless-device` command.
```
aws iotwireless create-wireless-device \
--cli-input-json file://input.json
```
For information about the CLIs that you can use, see [AWS CLI reference](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/index.html)
# Add profiles to AWS IoT Core for LoRaWAN
Device and service profiles can be defined to describe common device configurations. These profiles describe configuration parameters that are shared by devices to make it easier to add those devices. AWS IoT Core for LoRaWAN supports device profiles and service profiles.
The configuration parameters and the values to enter into these profiles are provided by the device's manufacturer.
## Add device profiles
Device profiles define the device capabilities and boot parameters that the network server uses to set the LoRaWAN radio access service. It includes selection of parameters such as LoRa frequency band, LoRa regional parameters version, and MAC version of the device. To learn about the different frequency bands, see [Consider selection of LoRa frequency bands for your gateways and device connection](lorawan-rfregion-permissions.md#lorawan-frequency-bands).
### Add a device profile by using the console
If you're adding a wireless device by using the console as described in [Add your wireless device specification to AWS IoT Core for LoRaWAN using the console](lorawan-end-devices-add.md#lorawan-end-device-spec-console), after you've added the wireless device specification, you can add your device profile. Alternatively, you can also add wireless devices from the [ Profiles](https://console.aws.amazon.com/iot/home#/wireless/profiles) page of the AWS IoT console on the **LoRaWAN** tab.
You can choose from default device profiles or create a new device profile. We recommend that you use the default device profiles. If your application requires you to create a device profile, provide a **Device profile name**, select the **Frequency band (RfRegion)** that you're using for the device and gateway, and keep the other settings to the default values, unless specified otherwise in the device documentation.
### Add a device profile by using the API
If you're adding a wireless device by using the API, you must create your device profile before creating the wireless device.
The following lists describe the API actions that perform the tasks associated with adding, updating, or deleting a service profile.
**AWS IoT Wireless API actions for service profiles**
+ [CreateDeviceProfile](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_CreateDeviceProfile.html)
+ [GetDeviceProfile](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetDeviceProfile.html)
+ [ListDeviceProfiles](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_ListDeviceProfiles.html)
+ [DeleteDeviceProfile](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_DeleteDeviceProfile.html)
For the complete list of the actions and data types available to create and manage AWS IoT Core for LoRaWAN resources, see the [AWS IoT Wireless API reference](https://docs.aws.amazon.com/iot-wireless/latest/apireference/welcome.html).
**How to use the AWS CLI to create a device profile**
You can use the AWS CLI to create a device profile by using the [create-device-profile](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/create-device-profile.html) command. The following example creates a device profile.
```
aws iotwireless create-device-profile
```
Running this command automatically creates a device profile with an ID that you can use when creating the wireless device. You can now create the service profile using the following API and then create the wireless device by using the device and service profiles.
```
{
"Arn": "arn:aws:iotwireless:us-east-1:123456789012:DeviceProfile/12345678-a1b2-3c45-67d8-e90fa1b2c34d",
"Id": "12345678-a1b2-3c45-67d8-e90fa1b2c34d"
}
```
For information about the CLIs that you can use, see [AWS CLI reference](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/index.html)
## Add service profiles
Service profiles describe the communication parameters the device needs to communicate with the application server.
**Note**
When creating a service profile, you can specify that you want to use the public network instead of your own private LoRaWAN gateway. For more information, see [Managing LoRaWAN traffic from public networks (Everynet)](iot-lorawan-roaming.md).
### Add a service profile using the console
If you're adding a wireless device using the console as described in [Add your wireless device specification to AWS IoT Core for LoRaWAN using the console](lorawan-end-devices-add.md#lorawan-end-device-spec-console), after you've added the device profile, you can add your service profile. Alternatively, you can also add wireless devices from the [ Profiles](https://console.aws.amazon.com/iot/home#/wireless/profiles) page of the AWS IoT console on the **LoRaWAN** tab.
We recommend that you leave the setting **AddGWMetaData** enabled so that you'll receive additional gateway metadata for each payload, such as RSSI and SNR for the data transmission.
### Add a service profile using the API
If you're adding a wireless device using the API, you must first create your service profile before creating the wireless device.
The following lists describe the API actions that perform the tasks associated with adding, updating, or deleting a service profile.
**AWS IoT Wireless API actions for service profiles**
+ [CreateServiceProfile](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_CreateServiceProfile.html)
+ [GetServiceProfile](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetServiceProfile.html)
+ [ListServiceProfiles](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_ListServiceProfiles.html)
+ [DeleteServiceProfile](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_DeleteServiceProfile.html)
For the complete list of the actions and data types available to create and manage AWS IoT Core for LoRaWAN resources, see the [AWS IoT Wireless API reference](https://docs.aws.amazon.com/iot-wireless/latest/apireference/welcome.html).
**How to use the AWS CLI to create a service profile**
You can use the AWS CLI to create a service by using the [create-service-profile](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/create-service-profile.html) command. The following example creates a service profile.
```
aws iotwireless create-service-profile
```
Running this command automatically creates a service profile with an ID that you can use when creating the wireless device. You can now create the wireless device by using the device and service profiles.
```
{
"Arn": "arn:aws:iotwireless:us-east-1:123456789012:ServiceProfile/12345678-a1b2-3c45-67d8-e90fa1b2c34d",
"Id": "12345678-a1b2-3c45-67d8-e90fa1b2c34d"
}
```
# Add destinations to AWS IoT Core for LoRaWAN
AWS IoT Core for LoRaWAN destinations describe the AWS IoT rule that processes a device's data for use by AWS services.
Because most LoRaWAN devices don't send data to AWS IoT Core for LoRaWAN in a format that can be used by AWS services, an AWS IoT rule must process it first. The AWS IoT rule contains the SQL statement that interprets the device's data and the topic rule actions that send the result of the SQL statement to the services that will use it.
If you're adding your destination for the first time, we recommend that you use the console.
## Add a destination using the console
If you're adding a wireless device using the console as described in [Add your wireless device specification to AWS IoT Core for LoRaWAN using the console](lorawan-end-devices-add.md#lorawan-end-device-spec-console), after you've already added the wireless device specification and profiles to AWS IoT Core for LoRaWAN as described previously, you can go ahead and add a destination.
Alternatively, you can also add an AWS IoT Core for LoRaWAN destination from the [ Destinations](https://console.aws.amazon.com/iot/home#/wireless/destinations) page of the AWS IoT console.
To process a device's data, specify the following fields when creating an AWS IoT Core for LoRaWAN destination, and then choose **Add destination**.
+
**Destination details**
Enter a **Destination name** and an optional description for your destination.
+
**Rule name**
The AWS IoT rule that is configured to evaluate messages sent by your device and process the device's data. The rule name will be mapped to your destination. The destination requires the rule to process the messages that it receives. You can choose for the messages to be processed by either invoking an AWS IoT rule or by publishing to the AWS IoT message broker.
+ If you choose **Enter a rule name**, enter a name, and then choose **Copy** to copy the rule name that you'll enter when creating the AWS IoT rule. You can either choose **Create rule** to create the rule now or navigate to the [Rules](https://console.aws.amazon.com/iot/home#/create/rule) Hub of the AWS IoT console and create a rule with that name.
You can also enter a rule and use the **Advanced** setting to specify a topic name. The topic name is provided during rule invocation and is accessed by using the `topic` expression inside the rule. For more information about AWS IoT rules, see [https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html).
+ If you choose **Publish to AWS IoT message broker**, enter a topic name. You can then copy the MQTT topic name and multiple subscribers can subscribe to this topic to receive messages published to that topic. For more information, see [https://docs.aws.amazon.com/iot/latest/developerguide/topics.html](https://docs.aws.amazon.com/iot/latest/developerguide/topics.html).
For more information about AWS IoT rules for destinations, see [Create rules to process LoRaWAN device messages](lorawan-destination-rules.md).
+
**Role name**
The IAM role that grants the device's data permission to access the rule named in **Rule name**. In the console, you can create a new service role or select an existing service role. If you're creating a new service role, you can either enter a role name (for example, **IoTWirelessDestinationRole**), or leave it blank for AWS IoT Core for LoRaWAN to generate a new role name. AWS IoT Core for LoRaWAN will then automatically create the IAM role with the appropriate permissions on your behalf.
For more information about IAM roles, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html).
## Add a destination by using the API
If you want to add a destination using the CLI instead, you must have already created the rule and IAM role for your destination. For more information about the details that a destination requires in the role, see [Create an IAM role for your destinations](#lorawan-create-destinations-roles).
The following list contains the API actions that perform the tasks associated with adding, updating, or deleting a destination.
**AWS IoT Wireless API actions for destinations**
+ [CreateDestination](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_CreateDestination.html)
+ [GetDestination](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetDestination.html)
+ [ListDestinations](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_ListDestinations.html)
+ [ UpdateDestination](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_UpdateDestination.html)
+ [DeleteDestination](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_DeleteDestination.html)
For the complete list of the actions and data types available to create and manage AWS IoT Core for LoRaWAN resources, see the [AWS IoT Wireless API reference](https://docs.aws.amazon.com/iot-wireless/latest/apireference/welcome.html).
**How to use the AWS CLI to add a destination**
You can use the AWS CLI to add a destination by using the [create-destination](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/create-destination.html) command. The following example shows how to create a destination by entering a rule name by using `RuleName` as the value for the `expression-type` parameter. If you want to specify a topic name for publishing or subscribing to the message broker, change the `expression-type` parameter's value to `MqttTopic`d.
```
aws iotwireless create-destination \
--name IoTWirelessDestination \
--expression-type RuleName \
--expression IoTWirelessRule \
--role-arn arn:aws:iam::123456789012:role/IoTWirelessDestinationRole
```
Running this command creates a destination with the specified destination name, rule name, and role name. For information about rule and role names for destinations, see [Create rules to process LoRaWAN device messages](lorawan-destination-rules.md) and [Create an IAM role for your destinations](#lorawan-create-destinations-roles).
For information about the CLIs that you can use, see [AWS CLI reference](https://docs.aws.amazon.com/cli/latest/reference/iotwireless/index.html).
## Create an IAM role for your destinations
AWS IoT Core for LoRaWAN destinations require IAM roles that give AWS IoT Core for LoRaWAN the permissions necessary to send data to the AWS IoT rule. If such a role is not already defined, uou must define it so that it will appear in the list of roles.
When you use the console to add a destination, AWS IoT Core for LoRaWAN automatically creates an IAM role for you, as described previously in this topic. When you add a destination using the API or CLI, you must create the IAM role for your destination.
**To create an IAM policy for your AWS IoT Core for LoRaWAN destination role**
1. Open the [ Policies hub of the IAM console](https://console.aws.amazon.com/iam/home#/policies).
1. Choose **Create policy**, and choose the **JSON** tab.
1. In the editor, delete any content from the editor and paste this policy document.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:DescribeEndpoint",
"iot:Publish"
],
"Resource": "*"
}
]
}
```
1. Choose **Review policy**, and in **Name**, enter a name for this policy. You'll need this name to use in the next procedure.
You can also describe this policy in **Description**, if you want.
1. Choose **Create policy**.
**To create an IAM role for an AWS IoT Core for LoRaWAN destination**
1. Open the [ Roles hub of the IAM console](https://console.aws.amazon.com/iam/home#/roles) and choose **Create role**.
1. In **Select type of trusted entity**, choose **Another AWS account**.
1. In **Account ID**, enter your AWS account ID, and then choose **Next: Permissions**.
1. In the search box, enter the name of the IAM policy that you created in the previous procedure.
1. In the search results, check the IAM policy that you created in the previous procedure.
1. Choose **Next: Tags**, and then choose **Next: Review**.
1. In **Role name**, enter the name of this role, and then choose **Create role**.
1. In the confirmation message, choose the name of the role you created to edit the new role.
1. In **Summary**, choose the **Trust relationships** tab, and then choose **Edit trust relationship**.
1. In **Policy Document**, change the `Principal` property to look like this example.
```
"Principal": {
"Service": "iotwireless.amazonaws.com"
},
```
After you change the `Principal` property, the complete policy document should look like this example.
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "iotwireless.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
```
1. To save your changes and exit, choose **Update Trust Policy**.
With this role defined, you can find it in the list of roles when you configure your AWS IoT Core for LoRaWAN destinations.
# Create rules to process LoRaWAN device messages
AWS IoT rules send device messages to other services. AWS IoT rules can also process the binary messages received from a LoRaWAN device to convert the messages to other formats that can make them easier for other services to use.
[AWS IoT Core for LoRaWAN destinations](lorawan-create-destinations.md) associate a wireless device with the rule that processes the device's message data to send to other services. The rule acts on the device's data as soon as AWS IoT Core for LoRaWAN receives it. [AWS IoT Core for LoRaWAN destinations](lorawan-create-destinations.md) can be shared by all devices whose messages have the same data format and that send their data to the same service.
## How AWS IoT rules process device messages
How an AWS IoT rule processes a device's message data depends on the service that will receive the data, the format of the device's message data, and the data format that the service requires. Typically, the rule calls an AWS Lambda function to convert the device's message data to the format a service requires, and then sends the result to the service.
The following illustration shows how message data is secured and processed as it moves from the wireless device to an AWS service.
![\[Image showing how AWS IoT Core for LoRaWAN data is passed from a wireless device to AWS IoT and other services.\]](http://docs.aws.amazon.com/iot-wireless/latest/developerguide/images/iot-lorawan-data-flow.png)
1. The LoRaWAN wireless device encrypts its binary messages using AES128 CTR mode before it transmits them.
1. AWS IoT Core for LoRaWAN decrypts the binary message and encodes the decrypted binary message payload as a base64 string.
1. The resulting base64-encoded message is sent as a message payload, that is not formatted as a JSON document, to the AWS IoT rule described in the destination assigned to the device.
1. The AWS IoT rule directs the message data to the service described in the rule's configuration.
The encrypted binary payload received from the wireless device is not altered or interpreted by AWS IoT Core for LoRaWAN. The decrypted binary message payload is encoded only as a base64 string. For services to access the data elements in the binary message payload, the data elements must be parsed out of the payload by a function called by the rule. The base64-encoded message payload is an ASCII string, so it could be stored as such to be parsed later.
## Create rules for LoRaWAN devices
AWS IoT Core for LoRaWAN uses AWS IoT rules to securely send device messages directly to other AWS services without the need to use the message broker. By removing the message broker from the ingestion path, it reduces costs and optimizes the data flow.
For an AWS IoT Core for LoRaWAN rule to send device messages to other AWS services, it requires an AWS IoT Core for LoRaWAN destination and an AWS IoT rule assigned to that destination. The AWS IoT rule must contain a SQL query statement and at least one rule action.
Typically, the AWS IoT rule query statement consists of:
+ A SQL SELECT clause that selects and formats the data from the message payload
+ A topic filter (the FROM object in the rule query statement) that identifies the messages to use
+ An optional conditional statement (a SQL WHERE clause) that specifies conditions on which to act
Here is an example of a rule query statement:
```
SELECT temperature FROM iot/topic' WHERE temperature > 50
```
When building AWS IoT rules to process payloads from LoRaWAN devices, you do not have to specify the FROM clause as part of the rule query object. The rule query statement must have the SQL SELECT clause and can optionally have the WHERE clause. If the query statement uses the FROM clause, it is ignored.
Here is an example of a rule query statement that can process payloads from LoRaWAN devices:
```
SELECT WirelessDeviceId, WirelessMetadata.LoRaWAN.FPort as FPort,
WirelessMetadata.LoRaWAN.DevEui as DevEui,
PayloadData
```
In this example, the `PayloadData` is a base64-encoded binary payload sent by your LoRaWAN device.
Here is an example rule query statement that can perform a binary decoding of the incoming payload and transform it into a different format such as JSON:
```
SELECT WirelessDeviceId, WirelessMetadata.LoRaWAN.FPort as FPort,
WirelessMetadata.LoRaWAN.DevEui as DevEui,
aws_lambda("arn:aws:lambda:::function:",
{
]"PayloadData":PayloadData,
"Fport": WirelessMetadata.LoRaWAN.FPort
}
) as decodingoutput
```
For more information on using the SELECT AND WHERE clauses, see [AWS IoT SQL reference](https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-reference.html).
For information about AWS IoT rules and how to create and use them, see [AWS IoT rules](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html) and [AWS IoT rules tutorials](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules-tutorial.html).
For information about creating and using AWS IoT Core for LoRaWAN destinations, see [Add destinations to AWS IoT Core for LoRaWAN](lorawan-create-destinations.md).
For information about using binary message payloads in a rule, see [Binary payloads](https://docs.aws.amazon.com/iot/latest/developerguide/binary-payloads.html).
For more information about the data security and encryption used to protect the message payload on its journey, see [Data protection in AWS IoT Wireless](data-protection.md).
For a reference architecture that shows a binary decoding and implementation example for IoT rules, see [AWS IoT Core for LoRaWAN Solution Samples on GitHub](https://github.com/aws-samples/aws-iot-core-lorawan/tree/main/transform_binary_payload).
# Connect your LoRaWAN device and verify its connection status
Before you can check the device connection status, you must have already added your device and connected it to AWS IoT Core for LoRaWAN. For information about how to add your device, see [Add your wireless device to AWS IoT Core for LoRaWAN](lorawan-end-devices-add.md).
After you've added your device, refer to your device's user manual to learn how to initiate sending an uplink message from your LoRaWAN device.
## Wireless device destination payload
The following code shows the payload received at the destination for your wireless device. It shows a sample payload when using your own private LoRaWAN gateway, and when you use a public network. It also shows the payload format if you exclude the gateway metadata information. The following shows a sample payload.
```
HTTP/1.1 200
Content-type: application/json
{
"LastUplinkReceivedAt": "2021-03-24T23:13:08.476015749Z",
"LoRaWAN": {
"DataRate": 5,
"DevEui": "647fda0000006420",
"Frequency": 868100000,
"Gateways": [
{
"GatewayEui": "c0ee40ffff29df10",
"Rssi": -67,
"Snr": 9.75
}
],
"WirelessDeviceId": "30cbdcf3-86de-4291-bfab-5bfa2b12bad5"
}
```
### Payload example with private LoRaWAN gateway
This example uses a private LoRaWAN gateway to show the gateway metadata information in the uplink message. The metadata consists of the gateway EUI, SNR (signal to noise ratio), and RSSI (Received signal to strength indicator). These values can help you determine the strength of your gateway channel and whether to switch to a stronger channel.
```
{
"MessageId": "d8374454-f361-4907-9f3f-ca53233bb281",
"WirelessDeviceId": "d7c96c47-6058-46d6-a033-c67d28c2243c",
"PayloadData": "wOr7P9SI8tsIgMl0=",
"WirelessMetadata":
{
"LoRaWAN":
{
"ADR": false,
"Bandwidth": 125,
"ClassB": false,
"CodeRate": "4/5",
"DataRate": "0",
"DevAddr": "725dd3eb",
"DevEui": "ac1f09fffe081943",
"FCnt": 5,
"FOptLen": 0,
"FPort": 1,
"Frequency": "868300000",
"Gateways": [
{
"GatewayEui": "2cf7f11053100080",
"Rssi": -34,
"Snr": 9.5
}
],
"MIC": "9eb0337c",
"MType": "UnconfirmedDataUp",
"Major": "LoRaWANR1",
"Modulation": "LORA",
"PolarizationInversion": false,
"SpreadingFactor": 12,
"Timestamp": "2023-12-01T16:16:11Z"
}
}
}
```
### Payload example with public network
You can also connect to the public network instead of your own private LoRaWAN gateway. The public network is provided and operated as a service directly by Everynet. The following example shows the public LoRaWAN network metadata in the message. The metadata consists of the ID of the gateway and the network provider (Everynet), whether downlink is allowed, and the SNR and RSSI values. For more infrrmation about the public network, see [Managing LoRaWAN traffic from public networks (Everynet)](iot-lorawan-roaming.md).
**Note**
The uplink message will mention `PublicGateways` to indicate that it's received from the public network and not a private LoRaWAN gateway.
```
{
"MessageId": "d8374454-f361-4907-9f3f-ca53233bb281",
"WirelessDeviceId": "d7c96c47-6058-46d6-a033-c67d28c2243c",
"PayloadData": "wOr7P9SI8tsIgMl0=",
"WirelessMetadata":
{
"LoRaWAN":
{
"ADR": false,
"Bandwidth": 125,
"ClassB": false,
"CodeRate": "4/5",
"DataRate": "0",
"DevAddr": "725dd3eb",
"DevEui": "ac1f09fffe081943",
"FCnt": 5,
"FOptLen": 0,
"FPort": 1,
"Frequency": "868300000",
"PublicGateways": [
{
"DlAllowed": true,
"Id": "3abe094",
"ProviderNetId": "0x0000b",
"RfRegion": "US915",
"Rssi": -12,
"Snr": 6.75
}
],
"MIC": "9eb0337c",
"MType": "UnconfirmedDataUp",
"Major": "LoRaWANR1",
"Modulation": "LORA",
"PolarizationInversion": false,
"SpreadingFactor": 12,
"Timestamp": "2023-12-01T16:16:11Z"
}
}
}
```
### Payload example without gateway metadata
If you want to exclude the gateway metadata information from your uplink metadata, disable the **AddGwMetadata** parameter when you create the service profile. For information about disabling this parameter, see [Add service profiles](lorawan-define-profiles.md#lorawan-service-profiles).
In this case, you won't see the `Gateways` section in the uplink metadata, as illustrated in the following example.
```
{
"MessageId": "d8374454-f361-4907-9f3f-ca53233bb281",
"WirelessDeviceId": "d7c96c47-6058-46d6-a033-c67d28c2243c",
"PayloadData": "wOr7P9SI8tsIgMl0=",
"WirelessMetadata":
{
"LoRaWAN":
{
"ADR": false,
"Bandwidth": 125,
"ClassB": false,
"CodeRate": "4/5",
"DataRate": "0",
"DevAddr": "725dd3eb",
"DevEui": "ac1f09fffe081943",
"FCnt": 5,
"FOptLen": 0,
"FPort": 1,
"Frequency": "868300000",
"MIC": "9eb0337c",
"MType": "UnconfirmedDataUp",
"Major": "LoRaWANR1",
"Modulation": "LORA",
"PolarizationInversion": false,
"SpreadingFactor": 12,
"Timestamp": "2023-12-01T16:16:11Z"
}
}
}
```
## Check device connection status
The following sections show you how to check the connection status using the AWS Management Console and the AWS CLI.
### Check device connection status using the console
To check the connection status using the console, navigate to the [https://console.aws.amazon.com/iot/home#/wireless/devices](https://console.aws.amazon.com/iot/home#/wireless/devices) page of the AWS IoT console and choose the device you've added. In the **Details** section of the Wireless devices details page, you'll see the date and time the last uplink was received.
### Check device connection status using the API
To check the connection status using the API, use the [`GetWirelessDeviceStatistics` API](https://docs.aws.amazon.com/iot-wireless/latest/apireference/API_GetWirelessDeviceStatistics.html). This API doesn't have a request body and only contains a response body that shows when the last uplink was received. The response from the API also indicates whether it's received from a public network or a private LoRaWAN gateway.
## Next steps
Now that you have connected your device and verified the connection status, you can observe the format of the uplink metadata recieved from the device by using the [ MQTT test client](https://console.aws.amazon.com/iot/home#/test) on the **Test** page of the AWS IoT console. For more information, see [View format of uplink messages sent from LoRaWAN devices](lorawan-uplink-metadata-format.md).