# OTA Integration Tests
The OTATest uses the IoT OTA system to test receipt of large payloads.
## Prerequisites
### Locally
1. Create a test code signing certificate. This will be used below.
### S3
1. Create a bucket to store the OTA binary, e.g., "ios-sdk-iot-ota-integ-test"
1. Upload a file to use as the "firmware update" for the test. It should be 500KB - 1MB in size to provide a reasonable test. Call it "ota_integ_test.bin"
### IoT Core
1. Create a Thing Group named `OTA_INTEG_TEST`
- Optionally set an attribute `ota_integ_test` to have a value of `1`
1. Create an IAM role called "OTAIntegTest", with the following inline policy.
- Replace `ios-sdk-iot-ota-integ-test` in the policy with the bucket name you created above.
- Replace `<account id>` with your test account's ID
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::<bucket name>",
"arn:aws:s3:::<bucket name>*"
]
},
{
"Sid": "PassRole",
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::<account id>:role/OTAIntegTest"
]
},
{
"Sid": "DeleteJob",
"Effect": "Allow",
"Action": [
"iot:DeleteJob"
],
"Resource": [
"arn:aws:iot:*:*:job/AFR_OTA*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"iot:CreateJob",
"iot:CreateStream",
"signer:DescribeSigningJob",
"signer:GetSigningProfile",
"signer:PutSigningProfile",
"signer:StartSigningJob",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "iot:DeleteStream",
"Resource": "arn:aws:iot:*:*:stream/AFR_OTA*"
}
]
}
```
1. Create an OTA Job
1. In IoT Core console, go to Manage > Jobs > "Create a job"
1. Select "Create OTA update job" from the "Create an Amazon FreeRTOS OTA update job" section
1. In the "Select devices to update" section, select the `OTA_INTEG_TEST` Thing Group you created above
1. Select "Sign a new firmware image for me"
1. Create a code signing profile:
- **Profile name**: `OTA_INTEG_TEST`
- **Hardware platform**: Any value is fine, e.g., `Windows Simulator`
- **Code signing certificate**: Import the code signing certificate created above. If you used a test self-signed certificate, you will also need the self-signed root CA.
- **Pathname of code signing certificate on device**: Any value is fine, e.g. `/path/to/cert`
1. **Select your firmware image in S3 or upload it**: select the bucket and "firmware image" you uploaded to S3 above
1. **Pathname of firmware image on device**: Any value is fine, e.g., `/path/to/firmware`
1. **IAM role for OTA update job**: Select the role you created above, that gives access to the S3 bucket you created above
1. Select **Your job will continue deploying to any devices added to the selected groups (continuous)**
1. **ID**: Select a meaningful ID (e.g. `OTA_INTEG_TEST_<YYYYMMDD>`). The ID is only used for easy identification in the console, so it doesn't have to conform to any particular naming convention. The ID of the job will be *appended* after the string "AFR_OTA".
### IAM
Ensure the Unauth role assumed during the integration test is authorized to perform `iam:PassRole` on the `OTAIntegTest` role created above.