

AWS IoT FleetWise will no longer be open to new customers as of April 30, 2026. Existing AWS IoT FleetWise customers can continue using the service. The [Guidance for Connected Mobility on AWS](https://aws.amazon.com/solutions/guidance/connected-mobility-on-aws/) provides guidance on how to develop and deploy modular services for connected mobility solutions that can be used to achieve capabilities equivalent to those of AWS IoT FleetWise.

# Set up AWS IoT FleetWise
<a name="setting-up"></a>

Before you use AWS IoT FleetWise for the first time, complete the steps in the following sections.

**Topics**
+ [Set up your AWS account](#setting-up-create-iam-user)
+ [Get started in the console](#console-get-started)
+ [Configure your AWS IoT FleetWise settings](configure-settings.md)
+ [Making requests to AWS IoT FleetWise using IPv6](fleetwise-ipv6-access.md)

## Set up your AWS account
<a name="setting-up-create-iam-user"></a>

Complete the following tasks to sign up for AWS and create an administrative user.

### Sign up for an AWS account
<a name="sign-up-for-aws"></a>

If you do not have an AWS account, complete the following steps to create one.

**To sign up for an AWS account**

1. Open [https://portal.aws.amazon.com/billing/signup](https://portal.aws.amazon.com/billing/signup).

1. Follow the online instructions.

   Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad.

   When you sign up for an AWS account, an *AWS account root user* is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform [tasks that require root user access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#root-user-tasks).

AWS sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to [https://aws.amazon.com/](https://aws.amazon.com/) and choosing **My Account**.

### Create a user with administrative access
<a name="create-an-admin"></a>

After you sign up for an AWS account, secure your AWS account root user, enable AWS IAM Identity Center, and create an administrative user so that you don't use the root user for everyday tasks.

**Secure your AWS account root user**

1.  Sign in to the [AWS Management Console](https://console.aws.amazon.com/) as the account owner by choosing **Root user** and entering your AWS account email address. On the next page, enter your password.

   For help signing in by using root user, see [Signing in as the root user](https://docs.aws.amazon.com/signin/latest/userguide/console-sign-in-tutorials.html#introduction-to-root-user-sign-in-tutorial) in the *AWS Sign-In User Guide*.

1. Turn on multi-factor authentication (MFA) for your root user.

   For instructions, see [Enable a virtual MFA device for your AWS account root user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/enable-virt-mfa-for-root.html) in the *IAM User Guide*.

**Create a user with administrative access**

1. Enable IAM Identity Center.

   For instructions, see [Enabling AWS IAM Identity Center](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-set-up-for-idc.html) in the *AWS IAM Identity Center User Guide*.

1. In IAM Identity Center, grant administrative access to a user.

   For a tutorial about using the IAM Identity Center directory as your identity source, see [Configure user access with the default IAM Identity Center directory](https://docs.aws.amazon.com//singlesignon/latest/userguide/quick-start-default-idc.html) in the *AWS IAM Identity Center User Guide*.

**Sign in as the user with administrative access**
+ To sign in with your IAM Identity Center user, use the sign-in URL that was sent to your email address when you created the IAM Identity Center user.

  For help signing in using an IAM Identity Center user, see [Signing in to the AWS access portal](https://docs.aws.amazon.com/signin/latest/userguide/iam-id-center-sign-in-tutorial.html) in the *AWS Sign-In User Guide*.

**Assign access to additional users**

1. In IAM Identity Center, create a permission set that follows the best practice of applying least-privilege permissions.

   For instructions, see [Create a permission set](https://docs.aws.amazon.com//singlesignon/latest/userguide/get-started-create-a-permission-set.html) in the *AWS IAM Identity Center User Guide*.

1. Assign users to a group, and then assign single sign-on access to the group.

   For instructions, see [Add groups](https://docs.aws.amazon.com//singlesignon/latest/userguide/addgroups.html) in the *AWS IAM Identity Center User Guide*.

**Note**  
You can use a service-linked role with AWS IoT FleetWise. Service-linked roles are predefined by AWS IoT FleetWise and include the permissions that AWS IoT FleetWise needs to send metrics to Amazon CloudWatch. For more information, see [Using service-linked roles for AWS IoT FleetWise](using-service-linked-roles.md).

## Get started in the console
<a name="console-get-started"></a>

If you aren't already signed in to your AWS account, sign in, then open the [AWS IoT FleetWise console](https://console.aws.amazon.com/iotfleetwise/). To get started with AWS IoT FleetWise, create a vehicle model. A vehicle model standardizes the format of your vehicles.

1. <a name="fleetwise-open-console"></a>Open the [AWS IoT FleetWise console](https://console.aws.amazon.com/iotfleetwise).

1. In **Get started with AWS IoT FleetWise**, choose **Get started**.

For more information about creating a vehicle model, see [Create an AWS IoT FleetWise vehicle model](create-vehicle-model.md).

# Configure your AWS IoT FleetWise settings
<a name="configure-settings"></a>

You can use the AWS IoT FleetWise console or API to configure settings for Amazon CloudWatch metrics, Amazon CloudWatch Logs, and data encryption with an AWS managed key.

With CloudWatch metrics, you can monitor AWS IoT FleetWise and other AWS resources. You can use CloudWatch metrics to collect and track metrics, for example to determine whether a service limit has been exceeded. For more information about CloudWatch metrics, see [Monitor AWS IoT FleetWise with Amazon CloudWatch](monitoring-cloudwatch.md).

With CloudWatch Logs, AWS IoT FleetWise sends log data to a CloudWatch log group, where you can use it to identify and mitigate any issues. For more information about CloudWatch Logs, see [Configure AWS IoT FleetWise logging](logging-cw.md).

With data encryption, AWS IoT FleetWise uses AWS managed keys to encrypt data. You can also choose to create and manage keys with AWS KMS. For more information about encryption, see [Data encryption in AWS IoT FleetWise](data-encryption.md).

## Configure settings (console)
<a name="configure-settings-cloud"></a>

If you aren't already signed in to your AWS account, sign in, then open the [AWS IoT FleetWise console](https://console.aws.amazon.com/iotfleetwise/).

1. <a name="fleetwise-open-console"></a>Open the [AWS IoT FleetWise console](https://console.aws.amazon.com/iotfleetwise).

1. On the left pane, choose **Settings**.

1. In **Metrics**, choose **Enable**. AWS IoT FleetWise automatically attaches a CloudWatch managed policy to the service-linked role and enables CloudWatch metrics.

1. In **Logging**, choose **Edit**.

   1. In the **CloudWatch logging** section, enter the **Log group**.

   1. To save your changes, choose **Submit**.

1. In the **Encryption** section, choose **Edit**.

   1. Choose the type of key that you want to use. For more information, see [Key management in AWS IoT FleetWise](key-management.md).

      1. **Use AWS key** – AWS IoT FleetWise owns and manages the key.

      1. **Choose a different AWS Key Management Service key** – You manage AWS KMS keys that are in your account.

   1. To save your changes, choose **Submit**.

## Configure settings (AWS CLI)
<a name="configure-settings-cli"></a>

In the AWS CLI, register the account to configure settings.

### IAM permission setup for account registration
<a name="iam-permissions-register-account"></a>

To invoke the `RegisterAccount` API successfully, you need to include `iam:CreateServiceLinkedRole` in your IAM policy document. This API creates a service-linked role in your account that is used to publish AWS IoT FleetWise metrics to CloudWatch. To verify whether the account is registered successfully, invoke the `GetRegisterAccountStatus` API and make sure the registration status is `REGISTRATION_SUCCESS`.

The following example shows a sample policy document for setting up permissions to `RegisterAccount` and `GetRegisterAccountStatus`:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iotfleetwise:RegisterAccount",
        "iotfleetwise:GetRegisterAccountStatus",
        "iam:CreateServiceLinkedRole"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
```

1. To configure settings, run the following command.

   ```
   aws iotfleetwise register-account
   ```

1. To verify your settings, run the following command to retrieve the registration status.

   ```
   aws iotfleetwise get-register-account-status
   ```

   **Example response**

   ```
   {
       "accountStatus": "REGISTRATION_SUCCESS",
       "creationTime": "2022-07-28T11:31:22.603000-07:00",
       "customerAccountId": "012345678912",
       "iamRegistrationResponse": {
           "errorMessage": "",
           "registrationStatus": "REGISTRATION_SUCCESS",
           "roleArn": "arn:aws:iam::012345678912:role/AWSIoTFleetwiseServiceRole"
       },
       "lastModificationTime": "2022-07-28T11:31:22.854000-07:00"
   }
   ```

   **Note**  
   The service-linked role is only used to publish AWS IoT FleetWise metrics to CloudWatch. For more information, see [Using service-linked roles for AWS IoT FleetWise](using-service-linked-roles.md).

The registration status can be one of the following: 
+ `REGISTRATION_SUCCESS` – The AWS resource is successfully registered.
+ `REGISTRATION_PENDING` – AWS IoT FleetWise is processing the registration request. This process takes approximately five minutes to complete.
+ `REGISTRATION_FAILURE` – AWS IoT FleetWise can't register the AWS resource. Try again later.

# Making requests to AWS IoT FleetWise using IPv6
<a name="fleetwise-ipv6-access"></a>

You can communicate with AWS IoT FleetWise over Internet Protocol version 6 (IPv6) and IPv4 to manage your resources. Dual-stack endpoints support requests to AWS IoT FleetWise APIs over IPv6 and IPv4. There are no additional charges for communication over IPv6.

IPv6 is the next-generation IP standard, with additional security features. It offers a 128-bit address space, while IPv4 has a 32-bit address space. IPv4 can generate 4.29 x 10^9 addresses, while IPv6 can have 3.4 x 10^38 addresses.

## IPv6 prerequisites for control plane endpoints
<a name="fleetwise-ipv6-sni"></a>

IPv6 protocol support is automatically enabled for control plane endpoints. When using the endpoints for control plane clients, you must provide the [Server Name Indication (SNI) extension](https://www.rfc-editor.org/rfc/rfc3546#section-3.1). Clients can use the SNI extension to indicate the name of the server being contacted, and whether it's using the regular endpoints or the dual-stack endpoints. See [Using dual-stack endpoints](#fleetwise-ipv6-dualstack).

## IPv6 support for AWS PrivateLink endpoints
<a name="fleetwise-ipv6-privatelink"></a>

AWS IoT FleetWise supports IPv6 communication to interface VPC endpoints using AWS PrivateLink.

## Testing IPv6 address compatibility
<a name="fleetwise-ipv6-compatibilty"></a>

If you're using Linux/Unix or Mac OS X, you can test whether you can access a dual-stack endpoint over IPv6 by using the curl command as shown in the following example (replace `us-east-1` with your AWS Region):

```
curl -v https://iotfleetwise.us-east-1.api.aws
```

You get back information similar to the following example. If you're connected over IPv6, the connected IP address will be an IPv6 address.

```
* Host iotfleetwise.us-east-1.api.aws:443 was resolved.
* IPv6: ::ffff:3.82.78.135, ::ffff:54.211.220.216, ::ffff:54.211.201.157
* IPv4: (none)
*   Trying [::ffff:3.82.78.135]:443...
* Connected to iotfleetwise.us-east-1.api.aws (::ffff:3.82.78.135) port 443
* ALPN: curl offers h2,http/1.1
```

If you're using Microsoft Windows 7 or Windows 10, you can test whether you can access a dual-stack endpoint over IPv6 or IPv4 by using the ping command as shown in the following example (replace `us-east-1` with your AWS Region).

```
ping iotfleetwise.us-east-1.api.aws
```

## Using IPv6 addresses in IAM policies
<a name="fleetwise-ipv6-iam"></a>

Before you use IPv6 for your resources, you must ensure that any IAM policies that are used for IP address filtering include IPv6 address ranges. For more information about managing access permissions with IAM, see [Identity and Access Management for AWS IoT FleetWise](security-iam.md).

IAM policies that filter IP addresses use [IP Address Condition Operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Conditions_IPAddress). The following policy identifies the `54.240.143.*` range of allowed IPv4 addresses by using IP address condition operators. Since all IPv6 addresses are outside the allowed range, this policy prevents communication using IPv6 addresses.


```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "iotfleetwise:*",
      "Resource": "arn:aws:iotfleetwise:us-east-1:111122223333:*",
      "Condition": {
         "IpAddress": {"aws:SourceIp": "54.240.143.0/24"}
      } 
    } 
  ]
}
```


To include IPv6 addresses, you can modify the policy's Condition element to allow both IPv4 (54.240.143.0/24) and IPv6 (2001:DB8:1234:5678::/64) address ranges as shown in the following example.

```
  "Condition": {
    "IpAddress": {
      "aws:SourceIp": [
        "54.240.143.0/24",
        "2001:DB8:1234:5678::/64"
      ]
    }
  }
```
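
The following is an added example, not part of the AWS documentation: a Python check that finds policy statements whose `aws:SourceIp` filter lists no IPv6 range, and evaluates that one condition for a given client address. It goes beyond the page's single `IpAddress` case to cover `NotIpAddress` and list values; the function names and the second statement's `Sid` are assumptions, and only the source-IP condition is evaluated, not the full IAM policy logic.

```python
import ipaddress
import json

# Constructed sample: the page's IPv4-only statement plus a second statement
# (hypothetical Sid) that uses the dual-stack Condition shown above.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "IPAllow", "Effect": "Allow", "Principal": "*",
   "Action": "iotfleetwise:*",
   "Resource": "arn:aws:iotfleetwise:us-east-1:111122223333:*",
   "Condition": {"IpAddress": {"aws:SourceIp": "54.240.143.0/24"}}},
  {"Sid": "IPAllowDualStack", "Effect": "Allow", "Principal": "*",
   "Action": "iotfleetwise:*",
   "Resource": "arn:aws:iotfleetwise:us-east-1:111122223333:*",
   "Condition": {"IpAddress": {"aws:SourceIp":
     ["54.240.143.0/24", "2001:DB8:1234:5678::/64"]}}}
]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def source_ip_filters(statement):
    """Return [(operator, [networks])] for each aws:SourceIp condition."""
    filters = []
    for operator, keys in statement.get("Condition", {}).items():
        # Drop set-operator prefixes (ForAnyValue:) and the IfExists suffix.
        base = operator.split(":")[-1].removesuffix("IfExists")
        if base not in ("IpAddress", "NotIpAddress"):
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourceip":
                nets = [ipaddress.ip_network(v, strict=False) for v in _as_list(value)]
                filters.append((base, nets))
    return filters

def ipv4_only_statements(policy):
    """Sids of statements whose aws:SourceIp filter lists no IPv6 range."""
    flagged = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        for _, nets in source_ip_filters(stmt):
            if not any(net.version == 6 for net in nets):
                flagged.append(stmt.get("Sid", f"Statement[{index}]"))
    return flagged

def source_ip_condition_holds(statement, client_ip):
    """Evaluate only the aws:SourceIp conditions for one client address."""
    addr = ipaddress.ip_address(client_ip)
    for operator, nets in source_ip_filters(statement):
        inside = any(addr in net for net in nets)
        if inside != (operator == "IpAddress"):
            return False
    return True
```

Run `ipv4_only_statements` over each policy document before switching clients to the dual-stack endpoint; any statement it returns will stop matching once requests arrive from IPv6 addresses.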

## Using dual-stack endpoints
<a name="fleetwise-ipv6-dualstack"></a>

AWS IoT FleetWise dual-stack endpoints support requests to AWS IoT FleetWise APIs over IPv6 and IPv4. When you make a request to a dual-stack endpoint, it automatically resolves to an IPv4 or an IPv6 address. In the dual-stack mode, both IPv4 and IPv6 client connections are accepted.

If you're using the REST API, you can directly access an AWS IoT FleetWise endpoint by using the endpoint name (URI). AWS IoT FleetWise supports only regional dual-stack endpoint names, which means that you must specify the AWS Region as part of the name.

The following table shows the format of control plane endpoints for AWS IoT FleetWise when using IPv4 and the dual-stack modes. For more information about these endpoints, see [AWS IoT FleetWise endpoints](https://docs.aws.amazon.com/general/latest/gr/iotfleetwise.html).


| Endpoint | IPv4 address | Dual-stack mode | 
| --- | --- | --- | 
| Control plane | `iotfleetwise.<region>.amazonaws.com` | `iotfleetwise.<region>.api.aws` | 

When using the AWS CLI and AWS SDKs, you can use the `AWS_USE_DUALSTACK_ENDPOINT` environment variable, or the `use_dualstack_endpoint` parameter, which is a shared config file setting, to change to a dual-stack endpoint. You can also specify the dual-stack endpoint directly as an override of the AWS IoT FleetWise endpoint in the config file. For more information, see [Dual-stack and FIPS endpoints](https://docs.aws.amazon.com/sdkref/latest/guide/feature-endpoints.html).

When you use the AWS CLI, you can set the configuration value `use_dualstack_endpoint` to `true` in a profile in your AWS config file. This directs all AWS IoT FleetWise requests made by the commands to the dual-stack endpoint for the specified Region. You specify the Region in the config file or in a command using the `--region` option.

```
$ aws configure set default.iotfleetwise.use_dualstack_endpoint true
```

To use the dual-stack endpoints for specific commands instead of for all commands, do one of the following:
+ Set the `--endpoint-url` parameter for those commands. For example, in the following command, replace *<endpoint-url>* with `https://iotfleetwise.<region>.api.aws`.

  ```
  aws iotfleetwise list-fleets \
    --endpoint-url <endpoint-url>
  ```
+ Set up separate profiles in your AWS config file. For example, create one profile that sets `use_dualstack_endpoint` to true, and a profile that does not set `use_dualstack_endpoint`. When you run a command, specify which profile you want to use, depending on whether you want to use the dual-stack endpoint.