# Set up the LTS qualification prerequisites
This section describes the prerequisites for testing microcontrollers with Amazon IoT Device Tester.
## Prepare for FreeRTOS qualification
**Note**
Amazon IoT Device Tester for FreeRTOS strongly recommends using the latest patch release of the most recently FreeRTOS-LTS version.
IDT for FRQ 2.0 is a qualification for FreeRTOS. Before running IDT FRQ 2.0 for qualification, you must complete [Qualifying your board](https://docs.amazonaws.cn/freertos/latest/qualificationguide/freertos-qualification.html) in the *FreeRTOS Qualification Guide*. To port libraries, tests, and setup the `manifest.yml`, see [Porting the FreeRTOS libraries](https://docs.amazonaws.cn/freertos/latest/portingguide/afr-porting.html) in the *FreeRTOS Porting Guide*. FRQ 2.0 contains a different process for qualification. See [Latest changes in qualification](https://docs.amazonaws.cn/freertos/latest/qualificationguide/latest-changes.html) in the *FreeRTOS qualification guide* for details.
The [FreeRTOS-Libraries-Integration-Tests](https://github.com/FreeRTOS/FreeRTOS-Libraries-Integration-Tests) repository must be present for IDT to run. See the [README.md](https://github.com/FreeRTOS/FreeRTOS-Libraries-Integration-Tests/blob/main/README.md) on how to clone and port this repository to your source project. FreeRTOS-Libraries-Integration-Tests must include the `manifest.yml` located in the root of your project, for IDT to run.
**Note**
IDT is dependent on the tests repository's implementation of `UNITY_OUTPUT_CHAR`. The test output logs and the device logs must not interleave with each other. See [ Implementing the library logging macros](https://docs.amazonaws.cn/freertos/latest/portingguide/afr-library-logging-macros.html) section in the *FreeRTOS Porting Guide* for further details.
## Download IDT for FreeRTOS
Every version of FreeRTOS has a corresponding version of IDT for FreeRTOS to perform qualification tests. Download the appropriate version of IDT for FreeRTOS from [ Supported versions of Amazon IoT Device Tester for FreeRTOS](https://docs.aws.amazon.com/freertos/latest/userguide/dev-test-versions-afr.html).
Extract IDT for FreeRTOS to a location on the file system where you have read and write permissions. Since Microsoft Windows has a character limit for the path length, extract IDT for FreeRTOS into a root directory such as `C:\` or `D:\`.
**Note**
Multiple users must not run IDT from a shared location, such as an NFS directory or a Windows network shared folder. This will result in crashes or data corruption. We recommend that you extract the IDT package to a local drive.
## Download Git
IDT must have Git installed as a prerequisite to ensure source code integrity.
Follow the instructions in the [GitHub](https://github.com/git-guides/install-git) guide to install Git. To verify the current installed version of Git, enter the command `git --version` at the terminal.
**Warning**
IDT uses Git to align with a directory's status of clean or dirty. If Git is not installed, the `FreeRTOSIntegrity` test groups will either fail, or won't run as expected. If IDT returns an error such as `git executable not found` or `git command not found`, install or re-install Git and try again.
**Topics**
+ [Prepare for FreeRTOS qualification](#idt-preparing-qualification)
+ [Download IDT for FreeRTOS](#idt-download-dev-tester-afr)
+ [Download Git](#idt-download-git)
+ [Create an Amazon account](#lts-config-aws-account)
+ [Amazon IoT Device Tester managed policy](#managed-policy)
+ [(Optional) Install the Amazon Command Line Interface](#install-cli)
## Create an Amazon account
**Note**
The full IDT qualification suite is supported only in the following Amazon Web Services Regions
US East (N. Virginia)
US West (Oregon)
Asia Pacific (Tokyo)
Europe (Ireland)
In order to test your device, IDT for FreeRTOS creates resources like Amazon IoT things, FreeRTOS groups and Lambda functions. To create those resources, IDT for FreeRTOS requires you to create and configure an Amazon account, and an IAM policy that grants IDT for FreeRTOS permission to access resources on your behalf while running tests.
The following steps are to create and configure your Amazon account.
1. If you already have an Amazon account, skip to the next step. Else create an [Amazon account](https://www.amazonaws.cn/premiumsupport/knowledge-center/create-and-activate-aws-account/).
1. Follow the steps in [ Creating IAM roles](https://docs.amazonaws.cn/IAM/latest/UserGuide/id_roles_create_for-user.html). Do not add permissions or policies at this time.
1. To run OTA qualification tests, go to Step 4. Else go to Step 5.
1. Attach the OTA IAM permissions inline policy to your IAM role.
1.
**Important**
The following policy template grants IDT permission to create roles, create policies, and attach policies to roles. IDT for FreeRTOS uses these permissions for tests that create roles. Although the policy template doesn't provide administrator privileges to the user, the permissions can be used to gain administrator access to your Amazon account.
1. Follow the steps below to attach the necessary permissions to your IAM role:
1. On the **Permissions** page, choose **Add permissions**.
1. Choose **Create inline policy**.
1. Choose the **JSON** tab and copy the following permissions in to the **JSON** text box. Use the template under **Most Regions** if you are not in the China region. If you are in the China region, use the template under **Beijing and Ningxia Regions**.
------
#### [ Most Regions ]
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iotdeviceadvisor:*",
"Resource": [
"arn:aws-cn:iotdeviceadvisor:*:*:suiterun/*/*",
"arn:aws-cn:iotdeviceadvisor:*:*:suitedefinition/*"
]
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "arn:aws-cn:iam::*:role/idt*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "iotdeviceadvisor.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"execute-api:Invoke*",
"iam:ListRoles",
"iot:Connect",
"iot:CreateJob",
"iot:DeleteJob",
"iot:DescribeCertificate",
"iot:DescribeEndpoint",
"iot:DescribeJobExecution",
"iot:DescribeJob",
"iot:DescribeThing",
"iot:GetPolicy",
"iot:ListAttachedPolicies",
"iot:ListCertificates",
"iot:ListPrincipalPolicies",
"iot:ListThingPrincipals",
"iot:ListThings",
"iot:Publish",
"iot:UpdateThingShadow",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:PutRetentionPolicy"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iotdeviceadvisor:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "logs:DeleteLogGroup",
"Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iot/deviceadvisor/*"
},
{
"Effect": "Allow",
"Action": "logs:GetLogEvents",
"Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iot/deviceadvisor/*:log-stream:*"
},
{
"Effect": "Allow",
"Action": [
"iam:CreatePolicy",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:DeletePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy"
],
"Resource": [
"arn:aws-cn:iam::*:policy/idt*",
"arn:aws-cn:iam::*:role/idt*"
]
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameters"
],
"Resource": [
"arn:aws-cn:ssm:*::parameter/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateKeyPair",
"ec2:DeleteKeyPair"
],
"Resource": [
"arn:aws-cn:ec2:*:*:key-pair/idt-ec2-ssh-key-*"
]
},
{
"Effect": "Allow",
"Condition": {
"StringEqualsIgnoreCase": {
"aws:ResourceTag/Owner": "IoTDeviceTester"
}
},
"Action": [
"ec2:TerminateInstances",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": [
"*"
]
}
]
}
```
------
------
#### [ Beijing and Ningxia Regions ]
The following policy template can be used in the Beijing and Ningxia Regions.
------
1. When you're finished, choose **Review policy**.
1. Enter **IDTFreeRTOSIAMPermissions** as the policy name.
1. Choose **Create policy**.
1. Attach **AWSIoTDeviceTesterForFreeRTOSFullAccess** to your IAM role.
1. To attach the necessary permissions to your IAM role:
1. On the **Permissions** page, choose **Add permissions**.
1. Choose **Attach policies**.
1. Search for the **AWSIoTDeviceTesterForFreeRTOSFullAccess** policy. Check the box.
1. Choose **Add permissions**.
1. Export credentials for IDT. See [Getting IAM role credentials for CLI access](https://docs.amazonaws.cn/singlesignon/latest/userguide/howtogetcredentials.html) for details.
## Amazon IoT Device Tester managed policy
The `AWSIoTDeviceTesterForFreeRTOSFullAccess` managed policy contains the following Amazon IoT Device Tester permissions for version checking, auto update features, and collection of metrics.
+ `iot-device-tester:SupportedVersion`
Grants Amazon IoT Device Tester permission to fetch the list of supported products, test suites and IDT versions.
+ `iot-device-tester:LatestIdt`
Grants Amazon IoT Device Tester permission to fetch the latest IDT version available for download.
+ `iot-device-tester:CheckVersion`
Grants Amazon IoT Device Tester permission to check version compatibility for IDT, test suites and products.
+ `iot-device-tester:DownloadTestSuite`
Grants Amazon IoT Device Tester permission to download test suite updates.
+ `iot-device-tester:SendMetrics`
Grants Amazon permission to collect metrics about Amazon IoT Device Tester internal usage.
## (Optional) Install the Amazon Command Line Interface
You might prefer to use the Amazon CLI to perform some operations. If you don't have the Amazon CLI installed, follow the instructions at [Install the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/installing.html).
Configure the Amazon CLI for the Amazon Region you want to use by running **aws configure** from a command line. For information about the Amazon Regions that support IDT for FreeRTOS, see [Amazon Regions and Endpoints](https://docs.amazonaws.cn/general/latest/gr/rande.html#amazon-freertos-ota-control). For more information about **aws configure** see [ Quick configuration with **aws configure**](https://docs.amazonaws.cn/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config).