Prerequisites for OTA updates using HTTP - FreeRTOS

Prerequisites for OTA updates using HTTP

This section describes the general requirements for using HTTP to perform over-the-air (OTA) updates. Beginning with version 201912.00, FreeRTOS OTA can use either the HTTP or MQTT protocol to transfer firmware update images from Amazon IoT to devices.

  • Although the HTTP protocol might be used to transfer the firmware image, the coreMQTT Agent library is still required because other interactions with Amazon IoT Core use the coreMQTT Agent library, including sending or receiving job execution notifications, job documents, and execution status updates.

  • When you specify both MQTT and HTTP protocols for the OTA update job, the setup of the OTA Agent software on each individual device determines the protocol used to transfer the firmware image. To change the OTA Agent from the default MQTT protocol method to the HTTP protocol, you can modify the header files used to compile the FreeRTOS source code for the device.

  • Presigned URLs work only if the resource owner has an ICP license. Your request must provide credentials explicitly. Any other form of request is considered anonymous, including the presigned URL. Anonymous requests are allowed only if the resource owner has an ICP license. Because a signing key in Signature Version 4 is valid for only seven days, presigned URLs are also valid for up to seven days.

Minimum requirements

  • Device firmware must include the necessary FreeRTOS libraries (coreMQTT Agent, HTTP, OTA Agent, and their dependencies).

  • FreeRTOS version 201912.00 or later is required to change the configuration of the OTA protocols to enable OTA data transfer over HTTP.


See the following configuration of the OTA protocols in the \vendors\boards\board\aws_demos\config_files\ota_config.h file.

To enable OTA data transfer over HTTP

  2. For the OTA update, you can specify both protocols so that either the MQTT or HTTP protocol can be used. You can set the primary protocol used by the device to HTTP by changing configOTA_PRIMARY_DATA_PROTOCOL to OTA_DATA_OVER_HTTP.


HTTP is only supported for OTA data operations. For control operations, you must use MQTT.

Device specific configurations


Due to a limited amount of RAM, you must turn off BLE when you enable HTTP as an OTA data protocol. In the vendors/espressif/boards/esp32/aws_demos/config_files/aws_iot_network_config.h file, change configENABLED_NETWORKS to AWSIOT_NETWORK_TYPE_WIFI only.

    /**
     * @brief Configuration flag which is used to enable one or more network interfaces for a board.
     *
     * The configuration can be changed any time to keep one or more network enabled or disabled.
     * More than one network interfaces can be enabled by using 'OR' operation with flags for
     * each network types supported. Flags for all supported network types can be found
     * in "aws_iot_network.h"
     *
     */
    #define configENABLED_NETWORKS ( AWSIOT_NETWORK_TYPE_WIFI )

Memory usage

When MQTT is used for data transfer, no additional heap memory is required for the MQTT connection because it's shared between control and data operations. However, enabling data over HTTP requires additional heap memory. The following is the heap memory usage data for all supported platforms, calculated using the FreeRTOS xPortGetFreeHeapSize API. You must make sure there is enough RAM to use the OTA library.

Texas Instruments CC3220SF-LAUNCHXL

Control operations (MQTT): 12 KB

Data operations (HTTP): 10 KB


TI uses significantly less RAM because it does SSL on hardware, so it doesn't use the mbedtls library.

Microchip Curiosity PIC32MZEF

Control operations (MQTT): 65 KB

Data operations (HTTP): 43 KB

Espressif ESP32

Control operations (MQTT): 65 KB

Data operations (HTTP): 45 KB


BLE on ESP32 takes about 87 KB of RAM. There isn't enough RAM to enable BLE, MQTT, and HTTP together, as noted in the device specific configurations above.

Windows simulator

Control operations (MQTT): 82 KB

Data operations (HTTP): 63 KB

Nordic nrf52840-dk

HTTP is not supported.

Device policy

This policy allows you to use either MQTT or HTTP for OTA updates.

Each device that receives an OTA update using HTTP must be registered as a thing in Amazon IoT and the thing must have an attached policy like the one listed here. You can find more information about the items in the "Action" and "Resource" objects at Amazon IoT Core Policy Actions and Amazon IoT Core Action Resources.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iot:Connect",
                "Resource": "arn:partition:iot:region:account:client/${iot:Connection.Thing.ThingName}"
            },
            {
                "Effect": "Allow",
                "Action": "iot:Subscribe",
                "Resource": [
                    "arn:partition:iot:region:account:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "iot:Publish",
                    "iot:Receive"
                ],
                "Resource": [
                    "arn:partition:iot:region:account:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
                ]
            }
        ]
    }

  • The iot:Connect permissions allow your device to connect to Amazon IoT over MQTT.

  • The iot:Subscribe and iot:Publish permissions on the topics of Amazon IoT jobs (.../jobs/*) allow the connected device to receive job notifications and job documents, and to publish the completion state of a job execution.

  • The iot:Receive permissions allow Amazon IoT Core to publish messages on those topics to the current connected device. This permission is checked on every delivery of an MQTT message. You can use this permission to revoke access to clients that are currently subscribed to a topic.
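
Added example (not part of the AWS documentation): a small audit that checks whether a device policy grants the four actions above only on resources tied to ${iot:Connection.Thing.ThingName}, and reports Allow entries that are not thing-scoped. The names audit_policy, build_policy, PAGE_POLICY and BROAD_POLICY are hypothetical, and both sample policies are constructed from the page's placeholder ARN prefix.

```python
import json

THING = "${iot:Connection.Thing.ThingName}"
ARN = "arn:partition:iot:region:account:"  # placeholder ARN prefix, as written on the page
JOBS = "$aws/things/" + THING + "/jobs/*"
# Resource (after the ARN prefix) that the page's policy grants for each action.
EXPECTED = {
    "iot:Connect": "client/" + THING,
    "iot:Subscribe": "topicfilter/" + JOBS,
    "iot:Publish": "topic/" + JOBS,
    "iot:Receive": "topic/" + JOBS,
}

def _listify(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (missing, unscoped) for an AWS IoT device policy document.

    missing  - EXPECTED actions not granted on the thing-scoped resource
    unscoped - (action, resource) Allow pairs with a wildcard action or a
               resource that is not tied to the connecting thing's name
    """
    granted, unscoped = set(), []
    for stmt in json.loads(policy_json)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _listify(stmt["Action"]):
            for resource in _listify(stmt["Resource"]):
                tail = resource.split(":", 5)[-1]  # text after arn:...:account:
                if "*" in action or THING not in tail:
                    unscoped.append((action, resource))
                elif EXPECTED.get(action) == tail:
                    granted.add(action)
    return sorted(set(EXPECTED) - granted), unscoped

def build_policy(connect, subscribe, publish_receive):
    """Constructed sample input: a three-statement policy shaped like the page's."""
    def allow(action, res):
        return {"Effect": "Allow", "Action": action, "Resource": ARN + res}
    return json.dumps({"Version": "2012-10-17", "Statement": [
        allow("iot:Connect", connect),
        allow("iot:Subscribe", subscribe),
        allow(["iot:Publish", "iot:Receive"], publish_receive)]})

PAGE_POLICY = build_policy("client/" + THING, "topicfilter/" + JOBS, "topic/" + JOBS)
# Constructed over-broad variant: any client ID, and every thing's job topics.
BROAD_POLICY = build_policy("client/*", "topicfilter/" + JOBS, "topic/$aws/things/*/jobs/*")
```

An entry listed under unscoped may still permit the action in practice; it is reported separately because the grant is not limited to the connecting thing.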