Feed: The Internet of Things on AWS – Official Blog.
Author: Asim Kumar Sasmal.
Post by Asim Kumar Sasmal, Senior Data Architect, and Mark Gilbert, Senior Consultant in the IoT Global Specialty Practice of AWS Professional Services
Industrial IoT customers need a secure, cost-effective, and reliable end-to-end field-to-cloud solution that does the following:
- Ingests all their data from hundreds of industrial sites that have tens of thousands of PLCs/sensors.
- Reacts to the data by democratizing access in near-real time for unbounded analytics opportunities.
- Visualizes the analytical insights.
In this two-part post, you walk through examples of using AWS IoT to solve these three core challenges.
In Part 1, you learn how to ingest the data from industrial sites using AWS IoT SiteWise. In the walkthrough example, the service subscribes to data from an OPC-UA server: KEPServerEX from Kepware, with its simulator driver.
In Part 2, you use the data ingested in Part 1 to see how to:
- Model your assets from the data ingested in Part 1.
- Enable conditions monitoring and send notifications and alerts.
- Visualize dashboards and reports.
AWS IoT SiteWise is currently in limited preview. You must request an invitation to participate. To learn more, see AWS IoT SiteWise Preview. While in limited preview, AWS IoT SiteWise is subject to change.
Overview
AWS IoT SiteWise is a fully managed IoT service that you can use to collect, organize, and monitor data from industrial equipment at scale. This service provides gateway software (AWS IoT SiteWise Collector) that runs on common industrial gateway devices and reads data directly from servers and historians over the OPC-UA protocol.
Currently, data is stored in a time-optimized data store in AWS IoT Analytics. This service also provides an asset-modeling framework to model your assets, processes, and facilities from the data. You can also create views to monitor your operations.
The following diagram illustrates the high-level end-to-end solution described in this post and shows the AWS services involved.
Walkthrough
There are three sections in this walkthrough:
- Setting up KEPServerEX
- Setting up AWS IoT Greengrass
- Setting up an AWS IoT SiteWise gateway for data ingestion
Prerequisites
This example uses the US West (Oregon) Region. However, you can choose another AWS Region where the AWS IoT SiteWise (limited preview), AWS IoT Analytics, and AWS IoT Events services are available.
- You have an AWS account in the same AWS Region.
- You have the AdministratorAccess policy granted to your AWS account (for production, we recommend restricting this further).
- You have AWS CLI installed and configured to use with your AWS account.
- You have an Amazon SNS topic named iote_send_email_sns_topic to receive email notification. Make a note of the SNS topic ARN, which you use later.
- You have an IAM role named iote_equip_temp_role with trust relationships for iotevents.amazonaws.com and iotanalytics.amazonaws.com. The role also has an IAM policy with the following permission on the SNS topic:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "sns:Publish",
          "Resource": "arn:aws:sns:us-west-2:xxxxxxxx:*"
        }
      ]
    }
Remember to replace the resource ARN with the ARN of the SNS topic noted previously. Make a note of the IAM role ARN, which you use later.
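A check for the two role requirements above (publish permission scoped to the one topic, and a trust policy limited to the two services), as an added example that is not part of the original post. The account ID 111122223333, the function names and the sample documents are assumptions made for illustration.

```python
# Added example. Account ID 111122223333 and the documents below are constructed.
TOPIC_ARN = "arn:aws:sns:us-west-2:111122223333:iote_send_email_sns_topic"
EXPECTED_SERVICES = {"iotevents.amazonaws.com", "iotanalytics.amazonaws.com"}

def as_list(value):
    """IAM accepts either a string or a list for Action, Resource and Service."""
    return value if isinstance(value, list) else [value]

def check_permissions(policy, topic_arn):
    """Flag Allow statements that grant more than sns:Publish on topic_arn."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
        for action in as_list(stmt.get("Action", [])):
            if action != "sns:Publish":
                findings.append(f"statement {i}: unexpected action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource != topic_arn:
                findings.append(f"statement {i}: resource {resource} is not the topic")
    return findings

def check_trust(trust_policy):
    """Flag principals other than the two services the role is created for."""
    findings = []
    for i, stmt in enumerate(as_list(trust_policy["Statement"])):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # for example "Principal": "*"
            findings.append(f"statement {i}: principal {principal!r} is not a service")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service" or value not in EXPECTED_SERVICES:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
    return findings

AS_PRINTED = {"Version": "2012-10-17", "Statement": [   # wildcard topic, as above
    {"Effect": "Allow", "Action": "sns:Publish",
     "Resource": "arn:aws:sns:us-west-2:111122223333:*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [       # after replacing the ARN
    {"Effect": "Allow", "Action": "sns:Publish", "Resource": TOPIC_ARN}]}
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": sorted(EXPECTED_SERVICES)}}]}

if __name__ == "__main__":
    print(check_permissions(AS_PRINTED, TOPIC_ARN), check_trust(TRUST))
```

The policy documents can be taken from `aws iam get-role-policy` and `aws iam get-role` output and passed to the two functions unchanged.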
This example uses simulated wind turbine data using KEPServerEX from Kepware (third-party software) as the OPC-UA server and its simulator driver. If you have any questions, contact Kepware for support.
Setting up KEPServerEX
- Launch an Amazon EC2 Windows instance (t2.medium, Windows Server 2019) by following the instructions in Getting Started with Amazon EC2 Windows Instances.
- Download and install the free demo for KEPServerEX from Kepware on the EC2 instance.
- Make sure that the EC2 instance’s security group inbound rule allows traffic for the port number that you plan to use with the OPC-UA endpoint. This post uses the default port number 49320.
- For the message security policy, choose Basic256 – Sign and encrypt.
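- Right-click Project and select Properties… to open the Property Editor. Under OPC UA, set Allow anonymous login to Yes (if the default is No), as shown below. With anonymous login enabled, access to the endpoint is limited by the security group rule and the certificate trust step later in this post.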
Setting up the wind turbines
- After KEPServerEX is set up, log in to the Windows machine to set up the three wind turbines (Wind Turbine 1, Wind Turbine 2, Wind Turbine 3) using the KEPServerEX simulator driver. As shown in the following screenshot, each wind turbine has two PLC units:
- Unit 1 has three tags: “Power,” “Rotor Speed,” and “Wind Speed”
- Unit 2 has two tags: “Equipment Temperature” and “Outside Temperature”
- After the tags are created, monitor the simulated values by launching the OPC Quick Client to validate the simulation.
- The following screenshot shows the OPC Quick Client display when Wind Turbine 1, Unit 1 is selected.
- The following screenshot shows the OPC Quick Client display when Wind Turbine 1, Unit 2 is selected.
Setting up AWS IoT Greengrass
Now that KEPServerEX is set up to simulate the required sample data for this example, set up AWS IoT Greengrass on your device gateway.
For this post, use an EC2 Linux instance instead of an actual industrial gateway device. AWS IoT SiteWise (currently in limited preview) is supported on x86_64 and ARMv7l CPU architecture-based device gateways.
Use the following steps to set up AWS IoT Greengrass on an EC2 Linux instance.
- Create an IAM role named SiteWiseDemo with required policies using the steps in Create an IAM Policy and Role. Make a note of the IAM role, which you use later.
- Launch an EC2 Linux instance (t2.medium), using the steps in Getting Started with AWS IoT Greengrass – Module 1 – Setting Up an Amazon EC2 Instance.
- After the EC2 instance is launched and in running status, connect to the EC2 instance by using SSH.
- Make sure that your EC2 Linux instance meets the prerequisites, especially the following:
  - x86 64-bit architecture
  - OpenJDK 8 (not an earlier or later version). If needed, run the following command to install the required version:
    sudo yum install java-1.8.0
- To allow AWS IoT Greengrass to use Java, you need a java8 symbolic link to the Java executable (if the Java 8 installation did not already set one up). If needed, run the following command to create the symbolic link:
    sudo ln -s /usr/bin/java /usr/bin/java8
  Then run the following command to validate that the symbolic link points to a 1.8.x version:
    java8 -version
- Create a /var/sitewise data directory and give ggc_user permissions for that directory using the commands below. AWS IoT SiteWise uses this directory to store system data.
    sudo mkdir /var/sitewise
    sudo chown ggc_user /var/sitewise
    sudo chmod 700 /var/sitewise
  /var/sitewise is the default directory used by AWS IoT SiteWise. You can customize the directory path if you wish, such as replacing /var/sitewise with /var/custom/path/, but doing so requires extra steps after the AWS IoT SiteWise gateway is created. For more information, see step 3 in Add the Gateway and Configure Sources and Sinks.
- After your EC2 instance configuration is complete, follow the instructions in Module 2: Installing the AWS IoT Greengrass Core Software to install AWS IoT Greengrass software on the EC2 instance and also create an AWS IoT Greengrass group named sitewise_gg. Only execute the instructions up to Module 2 from the AWS IoT Greengrass Getting Started guide.
- To attach the IAM role SiteWiseDemo to the AWS IoT Greengrass group sitewise_gg, follow the steps in Attach an IAM Role to an AWS IoT Greengrass Group.
- Edit the security group of the KEPServerEX Windows EC2 instance to allow inbound traffic on port 49320, the port you plan to use for the OPC-UA endpoint, from the security group of the AWS IoT Greengrass EC2 instance.
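The rule that the last step asks for, port 49320 reachable only from the gateway's security group, can be checked against the output of `aws ec2 describe-security-groups`. The following is an added example, not part of the original post; the group IDs, CIDRs and function names are constructed for illustration, and it treats any CIDR-based rule on the port as a finding because the post specifies a security-group source.

```python
# Added example. Group IDs and CIDRs below are constructed placeholders.
OPCUA_PORT = 49320                      # default KEPServerEX OPC-UA port in this post
GATEWAY_SG = "sg-0aaaaaaaaaaaaaaaa"     # security group of the Greengrass instance

def covers_port(perm, port):
    """True if one IpPermissions entry applies to TCP traffic on `port`."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_opcua_ingress(group, gateway_sg, port=OPCUA_PORT):
    """List ingress rules that expose `port` to anything except gateway_sg."""
    findings, gateway_allowed = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            findings.append(f"port {port} open to CIDR {rng['CidrIp']}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"port {port} open to CIDR {rng['CidrIpv6']}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == gateway_sg:
                gateway_allowed = True
            else:
                findings.append(f"port {port} open to group {pair.get('GroupId')}")
    if not gateway_allowed:
        findings.append(f"gateway group {gateway_sg} is not allowed on port {port}")
    return findings

def rule(port, cidrs=(), groups=()):
    """Build one entry in the shape `aws ec2 describe-security-groups` returns."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

RDP_ADMIN = rule(3389, cidrs=["203.0.113.10/32"])   # unrelated admin access
OPEN_GROUP = {"GroupId": "sg-0bbbbbbbbbbbbbbbb",
              "IpPermissions": [RDP_ADMIN, rule(OPCUA_PORT, cidrs=["0.0.0.0/0"])]}
SCOPED_GROUP = {"GroupId": "sg-0bbbbbbbbbbbbbbbb",
                "IpPermissions": [RDP_ADMIN, rule(OPCUA_PORT, groups=[GATEWAY_SG])]}

if __name__ == "__main__":
    for name, grp in (("open", OPEN_GROUP), ("scoped", SCOPED_GROUP)):
        print(name, audit_opcua_ingress(grp, GATEWAY_SG) or "ok")
```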
Setting up an AWS IoT SiteWise gateway for data ingestion
You have your KEPServerEX simulating OPC-UA data and AWS IoT Greengrass software running on your edge gateway (an EC2 Linux instance for this post).
Now, set up your AWS IoT SiteWise gateway in the cloud.
- In the AWS IoT SiteWise console, choose Manage, Gateways.
- Create a new AWS IoT SiteWise gateway named “Windturbine GW” by following the instructions in Add the Gateway and Configure Sources and Sinks. The gateway configuration should have the following values, as shown in the following screenshot:
- Greengrass group ID as sitewise_gg (which you set up earlier when you set up AWS IoT Greengrass).
- Local endpoint as the OPC-UA server endpoint for the KEPServerEX (the Windows EC2 instance) you have set up earlier. Use the private IP address for the EC2 instance.
- Data stream prefix as “server-1-”. A prefix is used to disambiguate data streams (for example, OPC-UA tags) that may have the same name when the AWS IoT SiteWise gateway device is connected to multiple data sources. This naming convention provides a mechanism for data streams to have unique names for each gateway device.
- Message security policy as “Basic256 – Sign and encrypt” (this is the same message security policy you chose earlier from KEPServerEX). The message security policy determines the algorithm used for the encryption and signing of OPC-UA messages exchanged with the gateway device.
- Authentication as None – anonymous (this matches the Allow anonymous login option you chose earlier in KEPServerEX under Property Editor, General, OPC UA).
- Choose Next, and then either select an existing AWS IoT Analytics project for the data storage (currently AWS IoT Analytics is the data storage for AWS IoT SiteWise in limited preview) or create a new AWS IoT Analytics project by choosing the Add new project button.
- After you save the gateway settings in the AWS IoT SiteWise console and the gateway status changes to Active, log in to the KEPServerEX Windows machine. In OPC UA Configuration Manager, choose Trust for the certificate to allow the data flow from KEPServerEX to AWS, as shown in the screenshot below.
- Verify that the OPC-UA data is streaming from KEPServerEX to AWS:
- In the AWS IoT SiteWise console, choose Gateways, Windturbine GW, Manage, View details, and scroll down to Data streams.
- In the AWS IoT Analytics console, choose Channels, windturbine_gw, and scroll down to the IncomingMessages chart, as shown in the following screenshot.
Summary
In Part 1 of this post, you saw how to ingest your data from industrial sites in a secure, cost-effective, and reliable manner using AWS IoT SiteWise (under limited preview). You used KEPServerEX from Kepware as the OPC-UA server for AWS IoT SiteWise to subscribe to the data.
In Part 2 of this post, you will learn how to:
- Model your assets from the data ingested in Part 1 using AWS IoT SiteWise asset modeling.
- Enable conditions monitoring and send notifications and alerts using AWS IoT Events.
- Visualize dashboards and reports using Amazon QuickSight.