Tetra IoT Layer Post-Deployment Tasks

After the Tetra IoT Layer is deployed, you must perform these post-deployment tasks.

Configure a DNS Record to Point to the Loadbalancer

Create a DNS record iot.<platform URL> and point it to the CNAME record of IoT stack's loadbalancer.

Update iot s3 Bucket Permissions

Once the stack installation is complete, we need to allow Tetra IoT Layer EC2 instance write data to DIP iot bucket. To do this, complete the following steps.

  1. In AWS Console, go to EC2 → Instances.
  2. Select the iot-emq instance.
  3. Under Details tab, click on IAM Role link.
  4. Copy the Role ARN.
  5. Go to Amazon S3 and open <DIP stack>-iot bucket.
  6. Open the Permissions tab and edit the Bucket policy.
  7. Add below policy statement by replacing EC2 role ARN copied in step 4.
  8. Click Save changes.
        "Version": "2012-10-17",
        "Statement": [
                "Sid": "iot",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "{ROLE ARN FROM STEP 4}"
                "Action": [
                "Resource": "arn:aws:s3:::{BUCKET NAME}/*",
                "Condition": {
                    "StringLike": {
                        "s3:x-amz-acl": "bucket-owner-full-control"

Change default login (UI) password

The web UI URL will be https://iot.<TDP DOMAIN>:8189/

  1. Login to UI with the default user admin@tetrascience. (Request the credentials from Tetrascience.)
  2. Go to Users and click on Edit next to the admin username.
  3. Enter a new password and save. (You might need to enter a mobile number before saving the password.)

Create an account for API access

  1. Go to Users page in above UI and click on New User.
  2. Set the following values and click on Save.
  • User Name: api
  • New password: Set a new password
  • Name: api
  • User Type: Administrator
  • Mobile Number: 1
  1. In AWS Console, Go to Systems manager --> Parameter store. Add the parameters listed below.
Parameter nameTypeValue
/tetrascience/production/ECS/ts-service-anylink/ANYLINK_USERNAMESecure stringapi
/tetrascience/production/ECS/ts-service-anylink/ANYLINK_PASSWORDSecure stringThe password of api user
  1. Restart ts-service-anylink-tls ECS service