Upload the firmware binary to S3 and create a pre-signed URL or use a job document that references the S3 object with appropriate IAM permissions.
Create the IoT Job via the CreateJob API, specifying the target thing group ARN and a job document containing the firmware URL and version metadata.
Set a RolloutConfig with a maximumPerMinute rate and optionally an ExponentialRolloutRate to throttle the campaign across the fleet.
Set an AbortConfig to halt the job automatically if a threshold percentage of devices report failure within a time window.
On each device, subscribe to the job notification topic ($aws/things/THING_NAME/jobs/notify), download firmware on job receipt, apply the update, then publish IN_PROGRESS, SUCCEEDED, or FAILED to the job execution update topic.
Monitor campaign progress with DescribeJobExecution and ListJobExecutions; use the IoT console Jobs dashboard for fleet-wide status.
Known gotchas
Devices must report a final terminal status (SUCCEEDED or FAILED) or the execution stays IN_PROGRESS indefinitely, blocking re-targeting.
The pre-signed URL in the job document has a configurable expiry; set it long enough for slow devices to download but short enough for security.
AbortConfig thresholds are evaluated only after a minimum number of devices have completed, so early in a small canary rollout the abort may not trigger even at 100% failure.
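The job-creation steps and the abort and URL-expiry gotchas above, as an added example that is not part of the original page: it builds the arguments for boto3's iot.create_job without calling AWS and rejects an abort setting that could not trigger inside the canary wave. The job document field names, ARNs, bucket, role and rate values are constructed placeholders.

```python
import json

def build_create_job_request(job_id, group_arn, firmware_s3_url, version, url_role_arn,
                             canary_size=10, abort_min_executed=5,
                             abort_threshold_pct=20.0, url_ttl_sec=1800):
    """Build kwargs for boto3 iot.create_job(**kwargs). Makes no AWS call."""
    if not 60 <= url_ttl_sec <= 3600:
        raise ValueError("expiresInSec must be between 60 and 3600")
    # The abort threshold is only evaluated after abort_min_executed devices
    # have finished, so it must fit inside the canary wave to protect it.
    if not 1 <= abort_min_executed <= canary_size:
        raise ValueError("abort cannot trigger during the canary wave")
    document = {
        "operation": "firmware_update",   # assumed document schema
        "version": version,
        # AWS IoT replaces this placeholder with a per-device pre-signed URL.
        "url": "${aws:iot:s3-presigned-url:" + firmware_s3_url + "}",
    }
    return {
        "jobId": job_id,
        "targets": [group_arn],
        "targetSelection": "SNAPSHOT",
        "document": json.dumps(document),
        "presignedUrlConfig": {"roleArn": url_role_arn, "expiresInSec": url_ttl_sec},
        "jobExecutionsRolloutConfig": {
            "maximumPerMinute": 100,
            "exponentialRate": {
                "baseRatePerMinute": min(canary_size, 100),
                "incrementFactor": 2.0,
                # Widen the rollout only after the canary wave has succeeded.
                "rateIncreaseCriteria": {"numberOfSucceededThings": canary_size},
            },
        },
        "abortConfig": {"criteriaList": [{
            "failureType": "FAILED",
            "action": "CANCEL",
            "thresholdPercentage": abort_threshold_pct,
            "minNumberOfExecutedThings": abort_min_executed,
        }]},
        # Executions that never report a terminal status become TIMED_OUT.
        "timeoutConfig": {"inProgressTimeoutInMinutes": 60},
    }

# Constructed sample values (placeholder account, bucket and role).
REQUEST = build_create_job_request(
    "fw-1-2-0-canary", "arn:aws:iot:us-east-1:111122223333:thinggroup/canary",
    "https://s3.amazonaws.com/example-firmware-bucket/fw-1.2.0.bin", "1.2.0",
    "arn:aws:iam::111122223333:role/example-iot-presign-role")
```

Pass the result as iot.create_job(**REQUEST) from a boto3 IoT client once the placeholders are replaced with real resources.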