You must grant your IAM user permission to perform over-the-air updates. Your IAM user must have permissions to:
- Access the S3 bucket where your firmware updates are stored.
- Access certificates stored in AWS Certificate Manager.
- Access the AWS IoT MQTT-based file delivery feature.
- Access FreeRTOS OTA updates.
- Access AWS IoT jobs.
- Access IAM.
- Access Code Signing for AWS IoT. See Grant access to code signing for AWS IoT.
- List FreeRTOS hardware platforms.
To grant your IAM user the required permissions, create an OTA user policy and then attach it to your IAM user. For more information, see IAM Policies.
To create an OTA user policy
- Open the https://console.aws.amazon.com/iam/ console.
- In the navigation pane, choose Users.
- Choose your IAM user from the list.
- Choose Add permissions.
- Choose Attach existing policies directly.
- Choose Create policy.
- Choose the JSON tab, and copy and paste the following policy document into the policy editor:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListAllMyBuckets",
                "s3:CreateBucket",
                "s3:PutBucketVersioning",
                "s3:GetBucketLocation",
                "s3:GetObjectVersion",
                "s3:ListBucketVersions",
                "acm:ImportCertificate",
                "acm:ListCertificates",
                "iot:*",
                "iam:ListRoles",
                "freertos:ListHardwarePlatforms",
                "freertos:DescribeHardwarePlatform"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::example-bucket/*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::your-account-id:role/role-name"
        }
    ]
}
Replace example-bucket with the name of the Amazon S3 bucket where your OTA update firmware image is stored. Replace your-account-id with your AWS account ID. You can find your AWS account ID in the upper right of the console. When you enter your account ID, remove any dashes (-). Replace role-name with the name of the IAM service role you just created.
- Choose Review policy.
- Enter a name for your new OTA user policy, and then choose Create policy.
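As an added example (not part of the AWS documentation), the following Python script fills in the three placeholders of the policy above, applies the account-ID rule from the note (dashes removed, twelve digits), and lists any Allow statement that pairs a wildcard action with Resource "*" so the grant can be reviewed before it is attached. The bucket, account ID and role name used in the comments are constructed values.

```python
import copy
import json
import re

# The OTA user policy from the documentation, with its three placeholders intact.
OTA_USER_POLICY_TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:ListAllMyBuckets", "s3:CreateBucket",
                    "s3:PutBucketVersioning", "s3:GetBucketLocation",
                    "s3:GetObjectVersion", "s3:ListBucketVersions",
                    "acm:ImportCertificate", "acm:ListCertificates", "iot:*",
                    "iam:ListRoles", "freertos:ListHardwarePlatforms",
                    "freertos:DescribeHardwarePlatform"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::your-account-id:role/role-name"},
    ],
}


def render_ota_user_policy(bucket, account_id, role_name):
    """Return the policy as a dict with placeholders replaced; json.dumps(..., indent=2)
    gives the text to paste into the policy editor."""
    account_id = account_id.replace("-", "")  # the console may show the ID with dashes
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account ID must be 12 digits after removing dashes")
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]", bucket):
        raise ValueError("invalid S3 bucket name")
    if not re.fullmatch(r"[\w+=,.@-]{1,64}", role_name):
        raise ValueError("invalid IAM role name")
    policy = copy.deepcopy(OTA_USER_POLICY_TEMPLATE)
    policy["Statement"][1]["Resource"] = f"arn:aws:s3:::{bucket}/*"
    policy["Statement"][2]["Resource"] = f"arn:aws:iam::{account_id}:role/{role_name}"
    return policy


def wildcard_statements(policy):
    """Return, per Allow statement on Resource "*", the actions ending in '*'.
    Such grants (here "iot:*") are the ones to review before attaching the policy."""
    findings = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        broad = [a for a in actions if a.endswith("*")]
        if stmt["Effect"] == "Allow" and stmt["Resource"] == "*" and broad:
            findings.append(broad)
    return findings
```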
To attach the OTA user policy to your IAM user
- In the IAM console, in the navigation pane, choose Users, and then choose your user.
- Choose Add permissions.
- Choose Attach existing policies directly.
- Search for the OTA user policy you just created and select the check box next to it.
- Choose Next: Review.
- Choose Add permissions.