SiliconLabsSoftware · silabs-ArghyaD · Dec 16, 2025 · Nov 7, 2025 · Dec 16, 2025 · Dec 17, 2025
@@ -6,8 +6,10 @@ Amazon Web Services offers reliable, scalable, and inexpensive cloud computing s
 
 1. Open [AWS](https://aws.amazon.com/).
 2. Log in using your AWS credentials.
-
-3. Go to **Security > Policies** and select **Create Policy**. Enter the policy name (e.g., `MATTER_AWS_POLICY_`). In the policy statements, select **JSON** and replace the contents with the JSON provided below:
+3. Go to **AWS IoT**.
+4. In the left panel, go to **Security > Policies** and select **Create Policy**. 
+![Create Security Policy](./images/security-policy-create-policy.jpeg)
+Enter the policy name (e.g., `MATTER_AWS_POLICY_`). In the policy statements, select **JSON** and replace the contents with the JSON provided below:
 
     ```shell
      {
@@ -22,22 +24,51 @@ Amazon Web Services offers reliable, scalable, and inexpensive cloud computing s
      }
     ```
 
-4. Once done, select **Create**.
+5. Once done, select **Create**.
 
-5. Create a client CSR certificate and a client key by following the steps in the [OpenSSL Certificate Creation](./openssl-certificate-creation.md) documentation.
+6. Create a client CSR certificate and a device key by following the steps in [OpenSSL Certificate Creation](./openssl-certificate-creation.md).
 
-6. Complete the following steps to create a thing and generate certificates for your Matter application to use in the `MatterAwsNvmCert.cpp` source file:
+7. Complete the following steps to create a thing and generate certificates for your Matter application to use in the `MatterAwsNvmCert.cpp` source file:
 
     - Go to **All Devices > Things** and select **Create Things**.
+    ![Create Things](./images/device-create-things.png)
     - Select **Create Single Thing** and click **Next**.
     - Under **Info > Give the thing a name**, specify the thing name (this will be the client ID), then click **Next**.
     - (Optional) Configure the device certificate under  **Info > Upload CSR**.
     - In **Certificate > Choose file** (Choose Client CSR generated in Openssl Certificate Creation ex: `device.csr`). Click **Next**. 
+       ![Upload CSR](./images/thing-upload-csr.png)
     - Use the policy (e.g., `MATTER_AWS_POLICY_`) created in AWS Certificate creation.
-    - Once the thing is successfully created, activate and download the certificate.
+       ![Attach Policy](./images/thing-attach-policy.png)
+    - Once the thing is successfully created, click **View certificate**. 
+       ![View Certificate](./images/thing-view-certificate.png)
+    - Next:
+         - Activate the certificate.
+         - Download the certificate.
+       ![Activate and Download Certificate](./images/thing-activate-download-certificate.png)
+
+8. Copy the contents of [AWS_CA CERT](https://www.amazontrust.com/repository/AmazonRootCA3.pem) and add it as CA certificate in `examples/platform/silabs/matter_aws/matter_aws_interface/include/MatterAwsNvmCert.cpp`. 
+   ```cpp
+   char ca_certificate[]     = {
+    "-----BEGIN CERTIFICATE-----\r\n"
+    "MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5\r\n"
+    "MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\r\n"
+    "Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG\r\n"
+    "A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg\r\n"
+    "Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl\r\n"
+    "ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j\r\n"
+    "QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr\r\n"
+    "ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr\r\n"
+    "BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM\r\n"
+    "YyRIHN8wfdVoOw==\r\n"
+    "-----END CERTIFICATE-----\r\n"
+    };
+   ```
 
-8. Copy the contents of [AWS_CA CERT](https://www.amazontrust.com/repository/AmazonRootCA3.pem) and add it as CA certificate in `MatterAwsNvmCert.cpp`. 
+   - In `MatterAwsNvmCert.cpp` file are the following:
+      - char ca_certificate[] - Fill it with AWS_CA CERT (mentioned above).
+      - char device_certificate[] - Fill it with Device Certificate downloaded from AWS in Step 7.
+      - char device_key[] - Fill it with Device Key generated in Step 6.
 
-9. Repeat Step 5 to create a new thing for use in MQTT Explorer, using the certificate generated for MQTT Explorer during OpenSLL certificate creation (e.g., `explorer.csr`). Create a `.pem` file from the CA certificate in step 8 and use it as the server certificate in MQTT Explorer.
+9.  Repeat Step 6 to create a new thing for use in MQTT Explorer, using the certificate generated for MQTT Explorer during OpenSLL certificate creation (e.g., `explorer.csr`). Create a `.pem` file from the CA certificate in step 8 and use it as the server certificate in MQTT Explorer.
 
-    **Note**: The thing name must be unique as it will be used as the client ID.
+   > **Note**: The thing name must be unique as it will be used as the client ID.
@@ -1,72 +1,86 @@
-# Build Procedure For Matter + AWS
-
-The following components are common for all apps and should be modified in the corresponding application-specific `.slcp` file.
-
-## How to Add the Matter + AWS Component
-
-To add the Matter + AWS component, modify the corresponding application-specific `.slcp` file.
-
-```shell
-  - id: matter_aws
-    from: matter
-```
-To enable the component in Simplicity Studio, add the following components.
-
-- Go to **Software** components, search for `Matter_Wifi`. Click on **Settings** symbol beside Matter Wi-fi component in the left panel and enable IPV4 configuration.
-    ![IPV4 Component](images/matter_aws_ipv4_enable_1.png)
-    ![IPV4 Settings Enable](images/matter_aws_ipv4_enable_2.png)
-
-- In **Software Components**, search for `aws` and install the Matter AWS component.
-
-- Next, select the dependencies for the Matter AWS component.
- ![Default Entropy Source for Matter + AWS](images/matter_aws_dependency_1.png)
- ![Public-Key Abstaction Layer for Matter + AWS](images/matter_aws_dependency_2.png)
-
-## How to Add the Matter + AWS Server, Client, Cluster Details.
-
-- Update the definitions for the server ID, client ID and cluster in `MatterAwsConfig.h`:    
-    - Update the AWS server name at `#define MATTER_AWS_SERVER_HOST ""`.
-    - Update the client ID at `#define MATTER_AWS_CLIENT_ID ""`.
-    - Update the cluster information at `#define ZCL_USING_THERMOSTAT_CLUSTER_SERVER`.
-
-
-## Building Matter + AWS Application
-
-- After you finish modifying the **.slcp** project file as described above, refresh the `matter-extension` in Simplicity Studio.
-
--  On the **Launcher** tab, select **Preferences**.
-
- ![Select Preferences](images/select-preferences.png)
-
-- Expand the **Simplicity Studio** section, and click the **SDKs** tab.
-
- ![Select SDK](images/select-studio-sdk-option.png)
-
-- Expand **Simplicity SDK**, and click **Refresh** in the side menu.
-
- ![Select Refresh](images/select-refresh-option.png)
-
-- Build the Matter + AWS application using Simplicity Studio as described in
-  - [Build SOC Application Using Studio](/matter/{build-docspace-version}/matter-wifi-run-demo/build-soc-application-using-studio).
-
-## Compile using new/different certificates
-
--   Two devices should not use the same client ID. Use a different client ID for
-    your second connection.
--   While using AWS, update the following information:
-    -   Add your AWS certificates in file
-        `examples/platform/silabs/matter_aws/matter_aws_interface/include/MatterAwsNvmCert.h`
-        -   Provide the AWS Root CA key
-            (https://www.amazontrust.com/repository/AmazonRootCA3.pem)
-        -   Provide `device_certificate` and `device_key` with your device certificate and
-            device key. For more details, refer to
-            [OpenSSL Device Certificate Creation] (./openssl-certificate-creation.md)
-    -   Add your AWS server and client ID information to the
-        `examples/platform/silabs/matter_aws/matter_aws_interface/include/MatterAwsConfig.h` file.
-        -   Provide `MATTER_AWS_SERVER_HOST` with your AWS Server name.
-        -   Provide `MATTER_AWS_CLIENT_ID` with your device/thing ID.
-        -   Provide  `ZCL_USING_THERMOSTAT_CLUSTER_SERVER` with the cluster details.
--   The preferred certificate type to use in the application is ECDSA.
--   AWS RootCA used in this PoC is
-    https://www.amazontrust.com/repository/AmazonRootCA3.pem
-
+# Build Procedure For Matter + AWS
+
+The following components are common for all apps and should be modified in the corresponding application-specific `.slcp` file using the Studio Project Configurator tool.
+
+## How to Add the Matter + AWS Component
+To enable the component in Simplicity Studio, add the following components.
+
+- Go to **Software** components, search for `Matter_Wifi`. Click the **Settings** symbol beside Matter Wi-fi component in the left panel or the **Configure** option and enable IPV4 configuration.
+    ![IPV4 Component](images/matter-wifi-component.png)
+    ![IPV4 Settings Enable](images/matter-aws-ipv4-enable-2.png)
+
+- In **Software Components**, search for `aws` and install the Matter AWS component.
+    ![Matter + AWS Component](images/aws-component-install.png)
+- Next, select the dependencies for the Matter AWS component.
+    > Note: The order can vary, but in every case select the option with "+ AWS".
+ ![Default Entropy Source for Matter + AWS](images/matter-aws-dependency-1.png)
+ ![Public-Key Abstaction Layer for Matter + AWS](images/matter-aws-dependency-2.png)
+
+### Added Step for 917 NCP
+ - In **Software Components**, search for `TLS 1.2 PRF` and install the TLS 1.2 PRF component.
+    ![TLS 1.2 PRF Component](images/tls-prf-component-install.png)
+
+## How to Add the Matter + AWS Server, Client, Cluster Details.
+- Go to the `third_party/matter_sdk/examples/platform/silabs/matter_aws/matter_aws_interface/include/` folder from **Browse to Location** option by right-clicking **Silicon Labs Matter** in `Settings > SDKs`.
+![Matter Extension Browse to Location](images/aws-sdk-location.png)
+
+- Update the definitions for the server ID, client ID and cluster in `MatterAwsConfig.h`:    
+    - Update the AWS server name at `#define MATTER_AWS_SERVER_HOST ""`.
+    - Update the client ID at `#define MATTER_AWS_CLIENT_ID ""`.
+    - Update the cluster information based on your app, with reference to the below table:
+
+| Application Type | Cluster Definition |
+|------------------|--------------------|
+| Matter Thermostat | `#define ZCL_USING_THERMOSTAT_CLUSTER_SERVER` |
+| Matter Light | `#define ZCL_USING_ON_OFF_CLUSTER_SERVER` |
+| Matter Lock | `#define ZCL_USING_DOOR_LOCK_CLUSTER_SERVER` |
+| Matter Window Covering | `#define ZCL_USING_WINDOW_COVERING_CLUSTER_SERVER` |
+
+
+## Building Matter + AWS Application
+
+- After adding the Matter + AWS component as described above, refresh the `matter-extension` in Simplicity Studio.
+
+-  In the **Home** tab, from the left panel, select **Settings**.
+
+ ![Select Settings](images/aws-build-settings.jpg)
+
+- Click on **SDKs**, ensure the correct version of the SDK is selected, and then click **Refresh** in the right side menu.
+
+ ![Select Refresh](images/aws-build-sdk-refresh.jpg)
+
+- Build the Matter + AWS application using Simplicity Studio as described in
+  - [Build SOC Application Using Studio](/matter/{build-docspace-version}/matter-wifi-run-demo/build-soc-application-using-studio).
+- After building and flashing the app, you can see [MATTER_AWS] logs after device bootup.
+    ```console
+    [00:00:23.400][info  ][SVR] [MATTER_AWS] connection callback started
+    [00:00:23.690][info  ][SVR] [MATTER_AWS] MQTT connection status: 0
+    [00:00:23.995][info  ][SVR] [MATTER_AWS] MQTT sub request callback: 0
+    ```
+    - After subscribing to a topic in AWS IoT, you can see the publish logs.
+    ![Device Logs AWS](./images/aws-device-logs-thermostat-app.png)
+
+    - You can see the same data in AWS IoT.
+    ![AWS IoT App Data](./images/matter-aws-iot-app-data.png)
+
+## Compile Using New/Different Certificates
+
+-   Two devices should not use the same client ID. Use a different client ID for
+    your second connection.
+-   While using AWS, update the following information:
+    -   Add your AWS certificates in file
+        `examples/platform/silabs/matter_aws/matter_aws_interface/include/MatterAwsNvmCert.cpp`
+        -   Provide the AWS Root CA key
+            (https://www.amazontrust.com/repository/AmazonRootCA3.pem)
+        -   Provide `device_certificate` and `device_key` with your device certificate and
+            device key. For more details, refer to
+            [OpenSSL Device Certificate Creation](./openssl-certificate-creation.md).
+    -   Add your AWS server and client ID information to the
+        `examples/platform/silabs/matter_aws/matter_aws_interface/include/MatterAwsConfig.h` file.
+        -   Provide `MATTER_AWS_SERVER_HOST` with your AWS Server name.
+        -   Provide `MATTER_AWS_CLIENT_ID` with your device/thing ID.
+        -   Provide  `ZCL_USING_THERMOSTAT_CLUSTER_SERVER` with the cluster details.
+-   The preferred certificate type to use in the application is ECDSA.
+-   AWS RootCA used in this PoC is
+    https://www.amazontrust.com/repository/AmazonRootCA3.pem
+
@@ -2,19 +2,46 @@
 
 An SSL certificate is an important way to secure user information and protect against hackers.
 
-## Openssl Installation (In ubuntu 22.04)
+## Openssl Installation 
 
-1. To install OpenSSL (v 3.0.2), issue the following command:  `sudo apt install openssl`
+1. In Debian/Linux
+   - To install OpenSSL, issue the following command:  `sudo apt install openssl`
+2. In Windows
+   - To install OpenSSL, either download precompiled [OpenSSL](https://slproweb.com/products/Win32OpenSSL.html) binaries for Windows or install via WSL using the command: `sudo apt install openssl`
 
 ## Certificates Creation
 
 Use the following commands to generate certificates:
 
-1. **Generate the client key:**
+1. **Generate the device key:**
     - `openssl ecparam -name prime256v1 -genkey -noout -out device.key`
 2. **Generate the client certificate** (e.g., `device.crt` and `device.key`) using a CA
    certficate:
     - `openssl req -new -out device.csr -key device.key`
+   > Note: Below is a sample for demonstration to generate "device.csr". Make sure to use the same Common Name provided here for Thing Name.
+    ```shell
+    openssl req -new -out device.csr -key device.key
+
+    You are about to be asked to enter information that will be incorporated
+    into your certificate request.
+    What you are about to enter is what is called a Distinguished Name or a DN.
+    There are quite a few fields but     you can leave some blank
+    For some fields there will be a default value,
+    If you enter '.', the field will be left blank.
+
+    Country Name (2 letter code) [AU]:IN
+    State or Province Name (full name) [Some-State]:Telangana
+    Locality Name (eg, city) []:Hyderabad
+    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Silicon Labs Pvt Ltd
+    Organizational Unit Name (eg, section) []:MATTER
+    Common Name (e.g. server FQDN or YOUR name) []:AWS_DEMO
+    Email Address []:[email protected]
+
+    Please enter the following 'extra' attributes
+    to be sent with your certificate request
+    A challenge password []:
+    An optional company name []:
+    ```
 3. **Upload CSR to AWS**: While creating the AWS IoT thing, use the **Upload CSR** option in the configure device
    certificate step. Once the CSR generated in step 2 is uploaded, AWS will
    generate an AWS CA-authenticated `device.crt`.