Amazon FreeRTOS
User Guide

Create an OTA Update Service Role

The OTA Update service assumes this role to create and manage OTA update jobs on your behalf.

To create an OTA service role

  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  2. From the navigation pane, choose Roles.

  3. Choose Create role.

  4. Under Select type of trusted entity, choose AWS Service.

  5. Choose IoT from the list of AWS services.

  6. Under Select your use case, choose IoT.

  7. Choose Next: Tags.

  8. Choose Next: Review.

  9. Type a role name and description, and then choose Create role.

For more information about IAM roles, see IAM Roles.

To add OTA update permissions to your OTA service role

  1. In the search box on the IAM console page, enter the name of your role, and then choose it from the list.

  2. Choose Attach policies.

  3. In the Search box, enter AmazonFreeRTOSOTAUpdate. In the list of managed policies, check AmazonFreeRTOSOTAUpdate, and then choose Attach policy.

To add the required permissions to your OTA service role

  1. In the search box on the IAM console page, enter the name of your role and then choose it from the list.

  2. Choose Add inline policy.

  3. Choose the JSON tab.

  4. Copy and paste the following policy document into the text box. Replace <example-bucket> with the name of your bucket.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObjectVersion",
                    "s3:GetObject"
                ],
                "Resource": "arn:aws:s3:::<example-bucket>/*"
            }
        ]
    }

    This policy grants your OTA service role permission to read Amazon S3 objects.

  5. Choose Review policy.

  6. Enter a name for the policy, and then choose Create policy.
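
An offline check for the inline policy from step 4, as an added example that is not part of the AWS guide: it flags an unreplaced <example-bucket> placeholder, resources other than the objects of the named bucket, and actions beyond the two read actions. The function name and the bucket name my-ota-firmware are assumptions made for the illustration.

```python
import json

# Actions the guide's inline policy grants (IAM action names are
# case-insensitive); anything else is flagged.
ALLOWED_ACTIONS = {"s3:getobject", "s3:getobjectversion"}

def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_ota_s3_policy(policy_json, bucket):
    """Return findings; an empty list means the policy matches the
    read-only, single-bucket shape shown in the guide."""
    findings = []
    policy = json.loads(policy_json)
    expected = f"arn:aws:s3:::{bucket}/*"
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
        for action in _as_list(stmt.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in _as_list(stmt.get("Resource")):
            if "<" in resource or ">" in resource:
                findings.append(f"statement {i}: placeholder not replaced in {resource}")
            elif resource != expected:
                findings.append(f"statement {i}: resource {resource} is not {expected}")
    return findings

# Constructed samples: the guide's policy with a made-up bucket name,
# the same policy with the placeholder left in, and an over-broad grant.
GOOD = '''{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:GetObjectVersion", "s3:GetObject"],
  "Resource": "arn:aws:s3:::my-ota-firmware/*"}]}'''
UNREPLACED = GOOD.replace("my-ota-firmware", "<example-bucket>")
TOO_BROAD = '''{"Version": "2012-10-17", "Statement": {"Effect": "Allow",
  "Action": "s3:*", "Resource": "*"}}'''

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("unreplaced", UNREPLACED), ("too broad", TOO_BROAD)]:
        print(name, audit_ota_s3_policy(doc, "my-ota-firmware"))
```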