Jan 2019 documentation updates

doc_source/.gitignore

@@ -0,0 +1 @@
+.DS_Store

doc_source/code-sign-policy.md

@@ -1,8 +1,8 @@
-# Granting Access to Code Signing for Amazon FreeRTOS<a name="code-sign-policy"></a>
+# Grant Access to Code Signing for AWS IoT<a name="code-sign-policy"></a>
 
-In production environments, you should digitally sign your firmware update to ensure the authenticity and integrity of the update\. You can sign your update manually or you can use Code Signing for Amazon FreeRTOS to sign your code\. To use Code Signing for Amazon FreeRTOS, you must grant your IAM user account access to Code Signing for Amazon FreeRTOS\.<a name="grant-user-account-code-signing-permissions"></a>
+In production environments, you should digitally sign your firmware update to ensure the authenticity and integrity of the update\. You can sign your update manually or you can use Code Signing for AWS IoT to sign your code\. To use Code Signing for Amazon FreeRTOS, you must grant your IAM user account access to Code Signing for Amazon FreeRTOS\.<a name="grant-user-account-code-signing-permissions"></a>
 
-**To grant your IAM user account permissions for Code Signing for Amazon FreeRTOS**
+**To grant your IAM user account permissions for Code Signing for AWS IoT**
 
 1. Sign in to the [https://console\.aws\.amazon\.com/iam/](https://console.aws.amazon.com/iam/)\.
 

doc_source/create-ota-user-policy.md

@@ -1,4 +1,4 @@
-# Creating an OTA User Policy<a name="create-ota-user-policy"></a>
+# Create an OTA User Policy<a name="create-ota-user-policy"></a>
 
 You must grant your IAM user permission to perform over\-the\-air updates\. Your IAM user must have permissions to:
 + Access the S3 bucket where your firmware updates are stored\.
@@ -7,10 +7,10 @@ You must grant your IAM user permission to perform over\-the\-air updates\. Your
 + Access Amazon FreeRTOS OTA updates\.
 + Access AWS IoT jobs\.
 + Access IAM\.
-+ Access Code Signing for Amazon FreeRTOS\.
++ Access Code Signing for AWS IoT\.
 + List Amazon FreeRTOS hardware platforms\.
 
-To grant your IAM user the required permissions, create an OTA user policy and then attach it to your IAM user\. For more information, see [IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)\.<a name="create-ota-user-policy"></a>
+To grant your IAM user the required permissions, create an OTA user policy and then attach it to your IAM user\. For more information, see [IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)\.<a name="create-ota-user-policy-steps"></a>
 
 **To create an OTA user policy**
 

doc_source/create-service-role.md

@@ -1,6 +1,6 @@
-# Creating an OTA Update Service Role<a name="create-service-role"></a>
+# Create an OTA Update Service Role<a name="create-service-role"></a>
 
-The OTA Update service assumes this role to create and manage OTA update jobs on your behalf\.<a name="create-service-role"></a>
+The OTA Update service assumes this role to create and manage OTA update jobs on your behalf\.<a name="create-service-role-steps"></a>
 
 **To create an OTA service role**
 
@@ -14,9 +14,9 @@ The OTA Update service assumes this role to create and manage OTA update jobs on
 
 1. Choose **IoT** from the list of AWS services\.
 
-1. Under **Select your use case**, choose **IoT allows IoT to call AWS services on your behalf**\.
+1. Under **Select your use case**, choose **IoT**\.
 
-1. Choose **Next: Permissions**\.
+1. Choose **Next: Tags**\.
 
 1. Choose **Next: Review**\.
 
@@ -28,15 +28,15 @@ For more information about IAM roles, see [IAM Roles](https://docs.aws.amazon.co
 
 1. In the search box on the IAM console page, enter the name of your role, and then choose it from the list\.
 
-1. Choose **Attach policy**\.
+1. Choose **Attach policies**\.
 
-1. In the **Search** box, enter **AmazonFreeRTOSOTAUpdate**\. In the list of managed policies, select **AmazonFreeRTOSOTAUpdate** , and then choose **Attach policy**\.<a name="add--permissions"></a>
+1. In the **Search** box, enter **AmazonFreeRTOSOTAUpdate**\. In the list of managed policies, check **AmazonFreeRTOSOTAUpdate** , and then choose **Attach policy**\.<a name="add--permissions"></a>
 
 **To add the required permissions to your OTA service role**
 
 1. In the search box on the IAM console page, enter the name of your role and then choose it from the list\.
 
-1. In the lower right, choose **Add inline policy**\.
+1. Choose **Add inline policy**\.
 
 1. Choose the **JSON** tab\.
 
@@ -48,30 +48,18 @@ For more information about IAM roles, see [IAM Roles](https://docs.aws.amazon.co
        "Statement": [
            {
                "Effect": "Allow",
-               "Action": "iam:PassRole",
-               "Resource":
-               "arn:aws:iam::<your_account_id>:role/<your_role_name>"
+               "Action": [
+                   "s3:GetObjectVersion",
+                   "s3:GetObject"
+               ],
+               "Resource": "arn:aws:s3:::<example-bucket>/*"
            }
        ]
    }
    ```
 
-   If you provide your own bucket name, use the following policy to grant your service role access to your bucket:
-
-   ```
-   	"Version": "2012-10-17",
-   	"Statement": [
-   		{
-   			"Effect": "Allow",
-   			"Action": [
-   				"s3:GetObjectVersion",
-   				"s3:GetObject"
-   			],
-   			"Resource": "arn:aws:s3:::<example-bucket>/*"
-   		}
-   	]
-   ```
+   This policy grants your OTA service role permission to read Amazon S3 objects\.
 
 1. Choose **Review policy**\.
 
-1. Enter a name for the policy and then choose **Create policy**\.
+1. Enter a name for the policy, and then choose **Create policy**\.

doc_source/dev-guide-ota-security.md

@@ -6,18 +6,18 @@ Connection security
 The OTA Update Manager relies on existing security mechanisms, like TLS mutual authentication, used by AWS IoT\. OTA update traffic passes through the AWS IoT device gateway and uses AWS IoT security mechanisms\. Each incoming and outgoing MQTT message through the device gateway undergoes strict authentication and authorization\.
 
 Authenticity and integrity of OTA updates  
-Firmware can be digitally signed before an OTA update to ensure that it is from a reliable source and has not been tampered with\. The Amazon FreeRTOS OTA Update Manager uses the Code Signing for Amazon FreeRTOS to automatically sign your firmware\. For more information, see [Code Signing for Amazon FreeRTOS](http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html)\. The OTA agent, which runs on your devices, performs integrity checks on the firmware when it arrives on the device\.
+Firmware can be digitally signed before an OTA update to ensure that it is from a reliable source and has not been tampered with\. The Amazon FreeRTOS OTA Update Manager uses the Code Signing for AWS IoT to automatically sign your firmware\. For more information, see [Code Signing for AWS IoT](http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html)\. The OTA agent, which runs on your devices, performs integrity checks on the firmware when it arrives on the device\.
 
 Operator security  
 Every API call made through the control plane API undergoes standard IAM Signature Version 4 authentication and authorization\. To create a deployment, you must have permissions to invoke the `CreateDeployment`, `CreateJob`, and `CreateStream` APIs\. In addition, in your Amazon S3 bucket policy or ACL, you must give read permissions to the AWS IoT service principal so that the firmware update stored in Amazon S3 can be accessed during streaming\. 
 
-## Code Signing for Amazon FreeRTOS<a name="dev-guide-code-signing"></a>
+## Code Signing for AWS IoT<a name="dev-guide-code-signing"></a>
 
-The AWS IoT console uses [Code Signing for Amazon FreeRTOS](http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html) to automatically sign your firmware image for any device supported by AWS IoT\.
+The AWS IoT console uses [Code Signing for AWS IoT](http://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html) to automatically sign your firmware image for any device supported by AWS IoT\.
 
-Code Signing for Amazon FreeRTOS uses a certificate and private key that you import into ACM\. You can use a self–signed certificate for testing, but we recommend that you obtain a certificate from a well–known commercial certificate authority \(CA\)\.
+Code Signing for AWS IoT uses a certificate and private key that you import into ACM\. You can use a self–signed certificate for testing, but we recommend that you obtain a certificate from a well–known commercial certificate authority \(CA\)\.
 
-Code–signing certificates use the X\.509 version 3 **Key Usage** and **Extended Key Usage** extensions\. The **Key Usage** extension is set to `Digital Signature` and the **Extended Key Usage** extension is set to `Code Signing`\. For more information about signing your code image, see the [Code Signing for Amazon FreeRTOS Developer Guide](https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html) and the [Code Signing for Amazon FreeRTOS API Reference](https://docs.aws.amazon.com/signer/latest/api/Welcome.html)\.
+Code–signing certificates use the X\.509 version 3 **Key Usage** and **Extended Key Usage** extensions\. The **Key Usage** extension is set to `Digital Signature` and the **Extended Key Usage** extension is set to `Code Signing`\. For more information about signing your code image, see the [Code Signing for AWS IoT Developer Guide](https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html) and the [Code Signing for AWS IoT API Reference](https://docs.aws.amazon.com/signer/latest/api/Welcome.html)\.
 
 **Note**  
-You can download the Code Signing for Amazon FreeRTOS SDK from [https://tools\.signer\.aws\.a2z\.com/awssigner\-tools\-v2\.zip](https://tools.signer.aws.a2z.com/awssigner-tools-v2.zip)\. 
+You can download the Code Signing for AWS IoT SDK from [https://tools\.signer\.aws\.a2z\.com/awssigner\-tools\-v2\.zip](https://tools.signer.aws.a2z.com/awssigner-tools-v2.zip)\. 

doc_source/dev-guide-ota-workflow.md

@@ -14,7 +14,7 @@ You can use the AWS IoT console or the AWS CLI to create an OTA update\. The con
 
 1. If you are manually signing your firmware, sign and then upload the signed firmware image to your Amazon S3 bucket\.
 
-   If you are using Code Signing for Amazon FreeRTOS, upload your unsigned firmware image to an Amazon S3 bucket\.
+   If you are using Code Signing for AWS IoT, upload your unsigned firmware image to an Amazon S3 bucket\.
 
 1. Create an OTA update\.