Create an OTA user policy

You must grant your user permission to perform over-the-air updates. Your user must have permissions to:

Access the S3 bucket where your firmware updates are stored.
Access certificates stored in Amazon Certificate Manager.
Access the Amazon IoT MQTT-based file delivery feature.
Access FreeRTOS OTA updates.
Access Amazon IoT jobs.
Access IAM.
Access Code Signing for Amazon IoT. See Grant access to code signing for Amazon IoT.
List FreeRTOS hardware platforms.
Tag and untag Amazon IoT resources.

To provide access, add permissions to your users, groups, or roles:

Users managed in IAM through an identity provider:

Create a role for identity federation. Follow the instructions in Creating a role for a third-party identity provider (federation) in the IAM User Guide.
IAM users:
- Create a role that your user can assume. Follow the instructions in Creating a role for an IAM user in the IAM User Guide.
- (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Create an OTA Update service role

Create a code-signing certificate