Create an OTA user policy
You must grant your user permission to perform over-the-air updates. Your user must have permissions to:
- Access the S3 bucket where your firmware updates are stored.
- Access certificates stored in Amazon Certificate Manager.
- Access the Amazon IoT MQTT-based file delivery feature.
- Access FreeRTOS OTA updates.
- Access Amazon IoT jobs.
- Access IAM.
- Access Code Signing for Amazon IoT. See Grant access to code signing for Amazon IoT.
- List FreeRTOS hardware platforms.
- Tag and untag Amazon IoT resources.
To grant your user the required permissions, see IAM Policies. Also see Authorizing users and cloud services to use Amazon IoT Jobs.
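One way to check a draft identity policy against the list above (an added example, not part of the original documentation). The `REQUIRED` mapping of one representative IAM action per permission area is an assumption, the sample policy and bucket name are constructed, and the check ignores `NotAction`, resources and conditions.

```python
import fnmatch

# Assumption: one representative IAM action per permission area listed above.
REQUIRED = {
    "S3 firmware bucket": "s3:GetObject",
    "Certificate Manager certificates": "acm:ListCertificates",
    "MQTT-based file delivery": "iot:CreateStream",
    "FreeRTOS OTA updates": "iot:CreateOTAUpdate",
    "IoT jobs": "iot:CreateJob",
    "IAM": "iam:ListRoles",
    "Code signing": "signer:StartSigningJob",
    "FreeRTOS hardware platforms": "freertos:ListHardwarePlatforms",
    "Tag IoT resources": "iot:TagResource",
    "Untag IoT resources": "iot:UntagResource",
}

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [] if value is None else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit(policy):
    """Return (missing_areas, broad_grants) for an identity policy document."""
    statements = _as_list(policy.get("Statement"))
    allow, deny, broad = [], [], []
    for st in statements:
        actions = _as_list(st.get("Action"))
        if st.get("Effect") == "Deny":
            deny += actions  # conservative: any matching Deny counts as blocking
        elif st.get("Effect") == "Allow":
            allow += actions
            if "*" in _as_list(st.get("Resource")):
                # Service-wide wildcards on every resource deserve a second look.
                broad += [a for a in actions if a == "*" or a.endswith(":*")]
    missing = [area for area, action in REQUIRED.items()
               if not _matches(allow, action) or _matches(deny, action)]
    return missing, sorted(set(broad))

# Constructed sample policy (placeholder bucket name); code signing is absent.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-firmware-bucket/*"},
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*", "Action": [
        "acm:ListCertificates", "iam:ListRoles", "freertos:ListHardwarePlatforms"]},
]}

if __name__ == "__main__": print(audit(SAMPLE))
```

For the sample, the audit reports the code signing area as missing and flags `iot:*` on all resources as a grant to narrow.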
To provide access, add permissions to your users, groups, or roles:
- Users managed in IAM through an identity provider:
  Create a role for identity federation. Follow the instructions in Creating a role for a third-party identity provider (federation) in the IAM User Guide.
- IAM users:
  - Create a role that your user can assume. Follow the instructions in Creating a role for an IAM user in the IAM User Guide.
  - (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.