Get CreateOTAUpdate failure details using the Amazon CLI - FreeRTOS
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Get CreateOTAUpdate failure details using the Amazon CLI

If the process of creating an OTA update job fails, there may be actions you can take to remedy the problem. When you create an OTA update job, the OTA manager service creates an IoT job and schedules it for the target devices, and this process also creates or uses other types of Amazon resources in your account (a code-signing job, an Amazon IoT stream, an Amazon S3 object). Any error encountered may cause the process to fail without creating an Amazon IoT job. In this troubleshooting section we give instructions on how to retrieve the details of the failure.

  1. Install and configure the Amazon CLI.

  2. Run aws configure and enter the following information.

    $ aws configure
Amazon Access Key ID [None]: AccessID
Amazon Secret Access Key [None]: AccessKey
Default region name [None]: Region
Default output format [None]: json

    For more information, see Quick configuration with aws configure.

  3. Run: 

    aws iot get-ota-update --ota-update-id ota_update_job_001

    Where ota_update_job_001 is the ID you gave the OTA update when you created it.

  4. The output will look like this:

    {
    "otaUpdateInfo": {
        "otaUpdateId": "ota_update_job_001",
        "otaUpdateArn": "arn:aws-cn:iot:region:account_id:otaupdate/ota_update_job_001",
        "creationDate": 1584646864.534,
        "lastModifiedDate": 1584646865.913,
        "targets": [
            "arn:aws-cn:iot:region:account_id:thing/thing_001"
        ],
        "protocols": [
            "MQTT"
        ],
        "awsJobExecutionsRolloutConfig": {},
        "awsJobPresignedUrlConfig": {},
        "targetSelection": "SNAPSHOT",
        "otaUpdateFiles": [
            {
               "fileName": "/12ds",
                "fileLocation": {
                    "s3Location": {
                        "bucket": "bucket_name",
                        "key": "demo.bin",
                        "version": "Z7X.TWSAS7JSi4rybc02nMdcE41W1tV3"
                    }
                },
                "codeSigning": {
                    "startSigningJobParameter": {
                        "signingProfileParameter": {},
                        "signingProfileName": "signing_profile_name",
                        "destination": {
                            "s3Destination": {
                                "bucket": "bucket_name",
                                "prefix": "SignedImages/"
                            }
                        }
                    },
                    "customCodeSigning": {}
                }
            }
        ],
        "otaUpdateStatus": "CREATE_FAILED",
        "errorInfo": {
            "code": "AccessDeniedException",
            "message": "S3 object demo.bin not accessible. Please check your permissions (Service: AWSSigner; Status Code: 403; Error Code: AccessDeniedException; Request ID: 01d8e7a1-8c7c-4d85-9fd7-dcde975fdd2d)"
        }
    }
}

    If the create failed, the otaUpdateStatus field in the command output will contain CREATE_FAILED and the errorInfo field will contain the details of the failure.