
AWS FOTA download from S3 authentication

Hello,

We are using the AWS library on a Thingy91 to enable FOTA. We have a working example where we store the bin file in S3 as instructed in the SDK documentation.

Now we would like to secure access to the bin files, which at the moment are accessible without any type of authentication, i.e. `curl https://url_to_bin_file` from anywhere WILL download the file, as the example configures a permissive policy.

One alternative to authenticate the downloads would be signed URLs but we don't see that the libraries implement that?

Another would be perhaps to use the SSL certificate that we already use for the https connection to perform mutual TLS authentication with the S3 endpoint but we haven't found a way to do that.

Is there a "best practice" recommendation for this case, i.e. how to perform authentication for the bin file that is downloaded via http in the FOTA process?

Thank you.

  • Can you give an example of how this would be implemented?

    I have not been able to get a FOTA job to work from a presigned app_update.bin URL.

    Would you include the signed URL in the path of the IoT Job JSON like this?

    {
      "operation": "app_fw_update",
      "fwversion": "v1.0.2",
      "size": 181124,
      "location": {
        "protocol": "http:",
        "host": "myfota-secure.s3.amazonaws.com",
        "path": "file_path?X-Amz-Algorithm=_____&X-Amz-Credential=____..."
      }
    }
