Amazon Web Services (AWS)#

Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. Refer to AWS Documentation for more details.

AWS CA Certitifcate Registration#

  1. Create a CA certificate, a client certificate and a client key using the Openssl Certificate Creation documentation.

  2. Open AWS.

  3. Login using your AWS credentials.

  4. Register the CA Certificate in AWS:

    • Go to Security -> Certificate Authorities and Register CA Certificate.

    • Select Register CA in the Multi-account mode.

    • Choose the CA certificate that you previously created in the Openssl Certificate Creation (CA.crt) step in the CA certificate registration, and set the CA status to Active and the Automatic certificate registration option to ON.

    • Register the CA.

  5. Go to Security -> Policies and select Create Policy. Enter the policy name (ex: DIC_POLICY) and in the policy statements select JSON and replace the contents with the JSON provided below:

 {
   "Version": "2012-10-17",
   "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
 }
  1. Once done, select Create.

  2. Steps to generate the certificate for your Matter application to use in the dic_nvm_cert.cpp source file.

    • Go to All Devices -> Things and select Create Things.

    • Select Create Single Thing and click Next.

    • Specify thing properties Info -> Give the thing a name (Note: Client ID) and click Next.

    • Configure the device certificate - optional Info -> Use my certificate.

    • Certificate details -> Choose CA is registered with AWS IOT and Select the CA that registered with AWS in Step 4.

    • Certificate -> Choose file (Choose Client certificate generated in Openssl Certificate Creation ex: device.crt) and set the certificate status to Active. Click Next.

    • Use the policy(ex: DIC_POLICY) created in AWS Certificate Creation.

  3. Repeat Step 5 to create a new thing to use in MQTT Explorer using the certificate created for MQTT explorer ( from Openssl Certificate Creation ex: explorer.crt)

    Note: Thing name must be unique as it will be used as CLIENT ID.

  4. Copy the contents of AWS_CA CERT and create a .pem file to use as a SERVER CERTIFICATE in MQTT Explorer.

How to create AWS OTA JOB#

  1. Go to AWS Amazon link https://aws.amazon.com/.

  2. Login with Amazon Credentials.

  3. Click on Services and select IOT Core.

  4. On the side menu in Manage Section, click Remote Actions and click jobs.

  5. Click Create Job and select Job type as a Create FreeRTOS OTA update job.

  6. Enter a unique Job name without spaces.

  7. In the Devices to update dropdown, select your Certificates which is configured above. for example:- SQA_DIC_C2, SQA_DIC_C3, DIC_2

  8. Select MQTT as the protocol for file transfer.

  9. In File Section, select New/Previously/Custom signed gbl(For EFR32) and .rps(For 917 SOC) file.

    • If the gbl or rps file is newly created, then select Sign a new file for me.

    • If the gbl or rps file is already uploaded to AWS, then select Choose a previously signed file.

    • If the gbl or rps file is custom modified, then select Use my custom signed file.

  10. In Existing code signing profile, select dic_ota_codesign. Refer to AWS Code Signing Certificate Creation.

  11. For uploading the gbl or rps file, follow step 9 above. To create a gbl refer to Matter OTA and for rps file, refer to Matter OTA.

  12. In the File upload location in S3 select, S3 URL as ota_demo. Refer to AWS S3 bucket Creation.

  13. In Path name of file on device, give any file name (file.txt).

  14. Select ota_demo as IAM role and click Next.

  15. Click create job.

Note: For more details, Refer AWS OTA prerequisites