Amazon FreeRTOS
User Guide

Creating an OTA Update Service Role

The OTA Update service assumes this role to create and manage OTA update jobs on your behalf.

To create an OTA service role

  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/.

  2. From the navigation pane, choose Roles.

  3. Choose Create role.

  4. Under Select type of trusted entity, choose AWS Service.

  5. Choose IoT from the list of AWS services.

  6. Under Select your use case, choose IoT allows IoT to call AWS services on your behalf.

  7. Choose Next: Permissions.

  8. Choose Next: Review.

  9. Type a role name and description, and then choose Create role.

For more information about IAM roles, see IAM Roles.

To add OTA update permissions to your OTA service role

  1. In the search box on the IAM console page, enter the name of your role, and then choose it from the list.

  2. Choose Attach policy.

  3. In the Search box, enter AmazonFreeRTOSOTAUpdate. In the list of managed policies, select AmazonFreeRTOSOTAUpdate, and then choose Attach policy.

To add the required permissions to your OTA service role

  1. In the search box on the IAM console page, enter the name of your role and then choose it from the list.

  2. In the lower right, choose Add inline policy.

  3. Choose the JSON tab.

  4. Copy and paste the following policy document into the text box. Replace the placeholders in angle brackets with your own values; for example, replace <example-bucket> with the name of your bucket.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": "arn:aws:iam::<your_account_id>:role/<your_role_name>"
            }
        ]
    }

    If you provide your own bucket name, use the following policy to grant your service role access to your bucket:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObjectVersion",
                    "s3:GetObject"
                ],
                "Resource": "arn:aws:s3:::<example-bucket>/*"
            }
        ]
    }

  5. Choose Review policy.

  6. Enter a name for the policy and then choose Create policy.
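
The following check is an added example, not part of the original guide or of any AWS tool. It lints an inline policy document before you paste it in step 4, flagging unreplaced placeholders, wildcard resources, and actions beyond the three shown above. The function name, the sample account ID, role name, and the rule that each action must target the resource shape used on this page are assumptions of the example.

```python
import json
import re

# Actions granted by the two inline policies on this page (lower-cased,
# because IAM action names are case-insensitive).
EXPECTED = {"iam:passrole", "s3:getobject", "s3:getobjectversion"}
# Resource shapes used on this page: one role ARN, or every key in one bucket.
ROLE_ARN = re.compile(r"arn:aws:iam::\d{12}:role/[A-Za-z0-9_+=,.@/-]+")
BUCKET_ARN = re.compile(r"arn:aws:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/\*")


def _as_list(value):
    """IAM accepts either a single value or a list for these elements."""
    return value if isinstance(value, list) else [value]


def lint_ota_inline_policy(document):
    """Return a list of findings for one policy JSON string ([] = scoped)."""
    policy = json.loads(document)
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version is not 2012-10-17")
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {n}: NotAction/NotResource used")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() not in EXPECTED:
                findings.append(f"statement {n}: unexpected action {action}")
                continue
            shape = ROLE_ARN if action.lower().startswith("iam:") else BUCKET_ARN
            for res in _as_list(stmt.get("Resource", [])):
                if not shape.fullmatch(res):
                    findings.append(f"statement {n}: {action} on {res}")
    return findings


# Constructed sample values: the account ID and role name are made up.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "iam:PassRole",
    "Resource": "arn:aws:iam::123456789012:role/example-ota-role"}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["iam:PassRole", "s3:*"], "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("too broad", TOO_BROAD)):
        print(name, lint_ota_inline_policy(doc) or "OK")
```

The check is stricter than IAM itself: a statement that mixes iam:PassRole and S3 actions is reported, so keep the two policies separate as shown in step 4.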