If you are having issues with the exercises, please create a ticket on DevZone:
Click or drag files to this area to upload. You can upload up to 2 files.

Exercise 5 – FOTA over Wi-Fi

As with the previous exercise, we will use a sample for a nRF Connect SDK cloud library, and learn how it can be used for FOTA. Specifically, we will learn how to use AWS to do FOTA over Wi-Fi for a nRF7002DK. The exercise code is based on the AWS IoT Sample. Since the AWS IoT library in the nRF Connect SDK does have automatic FOTA support, we will not need to implement much in our application to handle the FOTA.

The goal of the FOTA procedure is to transfer the app_update.bin file from the cloud to the mcuboot_secondary memory partition in the nRF7002 DK. After that is done, MCUboot will swap the image as normal.

Exercise steps

Open the code base of the exercise by navigating to Create a new application in the nRF Connect for VS Code extension, select Copy a sample, and search for Lesson 8 – Exercise 5.

Alternatively, in the GitHub repository for this course, go to the base code for this exercise, found in lesson8/inter_less8_exer5.


There exist two code bases for this exercise: an old one for nRF Connect SDK V2.5.x in the subfolder lesson8/v2.5.x and a new one in the folder lesson8/ for nRF Connect SDK V2.6.x.

1. Configure the Wi-Fi credentials.

First, we have to connect the nRF7002 DK to the Wi-Fi. Please fill out the SSID and password of your local Wi-Fi access point.

Add the following code snippet to the boards/nrf7002dk_nrf5340_cpuapp.conf file.

1.1 Build the project and flash it to the nRF7002 DK (nrf7002dk_nrf5340_cpuapp).

You should see the following log when the device has connected to the Wi-Fi.


The getaddrinfo error is because we have the wrong address for the AWS cloud IoT server. To get the correct address, we must first set up an AWS IoT Hub.

2. Set up an AWS IoT Hub.

There are two ways to interact with AWS:

  • Using the aws iot command line tool
  • Using the AWS web-page interface

Our AWS IoT: Setup and configuration docs give instructions to aws iot. We will give steps on how to set up AWS IoT from the AWS web-page interface here.

2.1 First, create an account at For development, We suggest the same settings from our docs: For development purposes, the AWS managed policies AWSIoTConfigAccess and AWSIoTDataAccess provide sufficient permissions to manage AWS IoT. If you want to use AWS FOTA, the AmazonS3FullAccess policy can be used to obtain access to AWS S3.

3. Input the correct address for our device to connect to.

3.1 Log into and search for “IoT Core”.

Go to this page, it will look like this:

3.2 In the left menu, scroll down and select Settings (1). Copy the Endpoint address (2) and paste it to CONFIG_AWS_IOT_BROKER_HOST_NAME.

Now, we should no longer get the address error, but see that we get error -22 from MQTT:

This error is because we have not yet set up the Thing and its certificates.

4. Add an IoT Device (Thing) to AWS and generate certificates for it.

4.1 We will still stay on the IoT Core page. In the left-hand menu, select All Devices -> Things (1). Then select Create Things (2).

Select Create single Thing, then next. On the next page, enter a name. For example, academy_thing. We do not need any of the optional configurations for this exercise. For this exercise, we select Unnamed shadow for the Device Shadow. Click next again. On the next page, Auto-generate a new certificate (recommended) is already selected by default. We also want this, so just click next once more.

The next page will be for selecting a policy, but we have no policy for our Thing yet. Click Create Policy to open a new tab to create a policy. In the new tab, choose a policy name, for example, academy_policy. Below, for the Policy Document select JSON. Remove the default JSON text from the box. Then copy the JSON from AWS IoT setup: 3. Creating a policy and insert it to the page.

Then, Click Create.

Go back to the Select Policy page we were at, and now the new policy should be visible. Select the policy, for example academy_policy. Then clock Create thing . This will open a window where we can download keys and certificates from. Make sure to download these. We should download 4 files: Device certificate, Public key file, Private key file and RSA 2048 bit key: Amazon Root CA 1. We choose CA1 as we will use RSA2048 for HTTPS. After we have checked that the files were successfully downloaded, clock done. We now should be able to see the new Thing in our list of Things:

4.2 Now that we have created a name for the Thing, we can configure it to the project:

Next up, we will add the certificates to our application. In our certs folder, we have three cert files that need to be set: ca-cert.pem, client-cert.pem and private-key.pem. These match our downloaded certs as such:

  • ca-cert.pem < – > AmazonRootCA1.pem
  • client-cert.pem < – > XXXX-certificate.pem.crt
  • private-key.pem < – > XXXX-private.pem.key

Unfortunately, we can not simply copy the files, as the downloaded certs are missing the quotes and newline symbols needed for our certs. See ca-cert.pem for an example.
So first, we manually add quotes and newline symbols to the downloaded files. For example, if the file is

We will convert it to:

Then copy the content into the corresponding certificate files, replacing the dummy certs.

With the Thing name configured and the certificates set, build and flash the nRF7002 DK. We should now see the following logs:


The certificate provisioning would be different for the nRF91 Series devices, as it stores certificates in its modem.

5. Now that we have successfully connected the nRF7002 DK to AWS IoT Core, we can do FOTA with it.

For these steps, our documentation instructs on how to use the GUI.

5.1 To enable AWS FOTA in the application, set the following configurations in the boards/nrf7002dk_nrf5340_cpuapp_ns.conf file

The tag is set to 201, because the project is configured with CONFIG_MQTT_HELPER_SEC_TAG=201, so we use the same certs for FOTA.

5.2 Build and flash the application again.

5.3 Change something in src/main.c, for example a print statement. We do this so we can see something change when we update the device. MCUboot will not swap if the firmware update is identical, either.

5.4 Build the application again, but do not flash it to the board.

5.5 Follow the steps documented in AWS FOTA: Creating a FOTA job. After clicking Submit, we can observe in the logs that the FOTA has started downloading.

When the download is complete, the sample will automatically tag the mcuboot_secondary as “test” and restart the nRF7002 DK. Then the new image will swap into mcuboot_primary and boot the new application, which will be confirmed as well. This exercise ends now, but if you want, you can try to find the callback signaling that the FOTA is done, and see what it does.

The solution for this exercise can be found in the GitHub repository, lesson8/inter_less8_exer5_solution.

Register an account
Already have an account? Log in
(All fields are required unless specified optional)

  • 8 or more characters
  • Upper and lower case letters
  • At least one number or special character

Forgot your password?
Enter the email associated with your account, and we will send you a link to reset your password.