The OTATest uses the IoT OTA system to test receipt of large payloads.

1. Create a test code signing certificate. This will be used below.

1. Create a bucket to store the OTA binary, e.g., "ios-sdk-iot-ota-integ-test"
2. Upload a file to use as the "firmware update" for the test. It should be 500KB - 1MB in size to provide a reasonable test. Call it "ota_integ_test.bin"

1. Create a Thing Group named OTA_INTEG_TEST

• Optionally set an attribute ota_integ_test to have a value of 1

1. Create an IAM role called "OTAIntegTest", with the following inline policy.

• Replace ios-sdk-iot-ota-integ-test in the policy with the bucket name you created above.
• Replace <account id> with your test account's ID

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
          "s3:PutObject",
          "s3:GetObject",
          "s3:GetObjectVersion"
        ],
        "Resource": [
          "arn:aws:s3:::<bucket name>",
          "arn:aws:s3:::<bucket name>*"
        ]
      },
      {
        "Sid": "PassRole",
        "Effect": "Allow",
        "Action": [
          "iam:PassRole"
        ],
        "Resource": [
          "arn:aws:iam::<account id>:role/OTAIntegTest"
        ]
      },
      {
        "Sid": "DeleteJob",
        "Effect": "Allow",
        "Action": [
          "iot:DeleteJob"
        ],
        "Resource": [
          "arn:aws:iot:*:*:job/AFR_OTA*"
        ]
      },
      {
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": [
          "iot:CreateJob",
          "iot:CreateStream",
          "signer:DescribeSigningJob",
          "signer:GetSigningProfile",
          "signer:PutSigningProfile",
          "signer:StartSigningJob",
          "s3:ListAllMyBuckets",
          "s3:ListBucket",
          "s3:GetBucketLocation"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor2",
        "Effect": "Allow",
        "Action": "iot:DeleteStream",
        "Resource": "arn:aws:iot:*:*:stream/AFR_OTA*"
      }
    ]
  }

1. Create an OTA Job
2. In IoT Core console, go to Manage > Jobs > "Create a job"
3. Select "Create OTA update job" from the "Create an Amazon FreeRTOS OTA update job" section
4. In the "Select devices to update" section, select the OTA_INTEG_TEST Thing Group you created above
5. Select "Sign a new firmware image for me"
6. Create a code signing profile: - Profile name: OTA_INTEG_TEST - Hardware platform: Any value is fine, e.g., Windows Simulator - Code signing certificate: Import the code signing certificate created above. If you used a test self-signed certificate, you will also need the self-signed root CA. - Pathname of code signing certificate on device: Any value is fine, e.g. /path/to/cert
7. Select your firmware image in S3 or upload it: select the bucket and "firmware image" you uploaded to S3 above
8. Pathname of firmware image on device: Any value is fine, e.g., /path/to/firmware
9. IAM role for OTA update job: Select the role you created above, that gives access to the S3 bucket you created above
10. Select Your job will continue deploying to any devices added to the selected groups (continuous)
11. ID: Select a meaningful ID (e.g. OTA_INTEG_TEST_<YYYYMMDD>). The ID is only used for easy identification in the console, so it doesn't have to conform to any particular naming convention. The ID of the job will be appended after the string "AFR_OTA".

Ensure the Unauth role assumed during the integration test is authorized to perform iam:PassRole on the OTAIntegTest role created above.