Create an OTA user policy

You must grant your user permission to perform over-the-air updates. Your user must have permissions to:

• Access the S3 bucket where your firmware updates are stored.

• Access certificates stored in AWS Certificate Manager.

• Access the AWS IoT MQTT-based file delivery feature.

• Access FreeRTOS OTA updates.

• Access AWS IoT jobs.

• Access IAM.

• Access Code Signing for AWS IoT. See Grant access to code signing for AWS IoT.

• List FreeRTOS hardware platforms.

• Tag and untag AWS IoT resources.

To grant your user the required permissions, see IAM Policies. Also see Authorizing users and cloud services to use AWS IoT Jobs.

To provide access, add permissions to your users, groups, or roles:

• Users and groups in AWS IAM Identity Center:

  Create a permission set. Follow the instructions in Create a permission set in the AWS IAM Identity Center User Guide.

• Users managed in IAM through an identity provider:

  Create a role for identity federation. Follow the instructions in Creating a role for a third-party identity provider (federation) in the IAM User Guide.

• IAM users:

  • Create a role that your user can assume. Follow the instructions in Creating a role for an IAM user in the IAM User Guide.

  • (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.