Code Signing for AWS IoT
Developer Guide

Integrated Services

Code signing is integrated with the following services.

Amazon FreeRTOS

Amazon FreeRTOS is a microcontroller operating system based on the FreeRTOS kernel. It includes libraries for connectivity and security. You can build and deploy your embedded applications on top of Amazon FreeRTOS. To ensure the security of deployments to these microcontrollers, Amazon FreeRTOS uses code signing for the initial manufacture of these devices and subsequent over-the-air updates. You can use code signing through the Amazon FreeRTOS console to sign your code images before you deploy them to a microcontroller.

AWS IoT Device Management

With AWS IoT Device Management, you can manage Internet-connected devices and establish secure, bidirectional communication between them. To do so, AWS IoT Device Management uses code signing to authenticate each device in your IoT environment. You can use code signing through the AWS IoT Device Management console to sign your code images before you deploy them to a microcontroller.

AWS Certificate Manager (ACM)

ACM handles the complexity of creating and managing or importing SSL/TLS certificates. You use ACM to create an ACM certificate or import a third-party certificate that you use for signing. You must have a certificate to sign code. For more information about certificates, see the AWS Certificate Manager User Guide.

CloudTrail

You can use AWS CloudTrail to record API calls that are made to code signing. CloudTrail is an AWS service that simplifies governance, compliance, and risk auditing by providing visibility into actions taken in your AWS account. For more information, see the AWS CloudTrail User Guide.

CloudWatch Events

You can use CloudWatch Events to monitor code signing objects. CloudWatch Events is an AWS service that monitors the statuses of AWS resources in real time, making it easy to automate service workflows and notifications. For more information, see the Amazon CloudWatch Events User Guide.