Configure an OPC-UA source (console) - AWS IoT SiteWise

Configure an OPC-UA source (console)

To configure an OPC-UA source using the AWS IoT SiteWise console

  1. Navigate to the AWS IoT SiteWise console.

  2. In the navigation pane, choose Gateways.

  3. On the gateway that you want to create a source for, choose Manage, and then choose View details.

    AWS IoT SiteWise "Gateways" page screenshot with "View details" highlighted.

  4. Choose New source in the upper-right corner.

  5. For Protocol options, choose OPC-UA.

  6. For OPC-UA source configuration, enter a Name for the source.

  7. For IP address or hostname, enter the local endpoint of the data source server. For example, your local endpoint might look like opc.tcp://203.0.113.0:49320.

  8. (Optional) Enter a Data stream prefix. The gateway adds this prefix to all data streams from this source. Use a data stream prefix to distinguish between data streams that have the same name from different sources. Each data stream should have a unique name within your account.

  9. Choose a Message security mode for connections and data in transit between your source server and your gateway. This field is the combination of the OPC-UA security policy and message security mode. You must choose the same security policy and message security mode that you specified for your OPC-UA server.

    Choose the security policy from the following options:

    • None – The gateway doesn't secure connections to the OPC-UA source. We recommend that you choose a different security policy.

    • Basic256Sha256 – The Basic256Sha256 security policy.

    • Aes128_Sha256_RsaOaep – The Aes128_Sha256_RsaOaep security policy.

    • Aes256_Sha256_RsaPss – The Aes256_Sha256_RsaPss security policy.

    • Basic128Rsa15 – (Deprecated) The Basic128Rsa15 security policy is deprecated in the OPC-UA specification because it's no longer considered secure. We recommend that you choose a different security policy. For more information, see Basic128Rsa15.

    • Basic256 – (Deprecated) The Basic256 security policy is deprecated in the OPC-UA specification because it's no longer considered secure. We recommend that you choose a different security policy. For more information, see Basic256.

    Except for the None option, each security policy has two options for message security mode:

    • Sign – The data in transit between the gateway and the source is signed but not encrypted.

    • Sign and encrypt – The data in transit between the gateway and the source is signed and encrypted.

    Important

    If you choose a message security mode other than None, you must enable your source server to trust the gateway. For more information, see Enabling your source servers to trust the gateway.

  10. If your source requires authentication, choose an AWS Secrets Manager secret from the Authentication configuration list. The gateway uses the authentication credentials in this secret when it connects to this source. You must attach secrets to your gateway's IoT SiteWise connector to use them for source authentication. For more information, see Configuring source authentication.

    Tip

    Your data server might have an option named Allow anonymous login. If this option is Yes, then your source doesn't require authentication.

  11. For Property groups, enter a Name.

  12. For Properties:

    1. (Optional) For Node paths, add OPC-UA node filters to limit which OPC-UA paths are uploaded to AWS IoT SiteWise. You can use node filters to reduce your gateway's startup time and CPU usage by only including paths to data that you model in AWS IoT SiteWise. By default, gateways upload all OPC-UA paths except those that start with /Server/. To define OPC-UA node filters, you can use node paths and the * and ** wildcard characters. For more information, see Using OPC-UA node filters.

    2. For Scan mode, choose the mode that you want AWS IoT SiteWise to use to collect your data. For more information about scan mode, see Filter data ingestion ranges with OPC-UA.

    3. For Scan rate, update the rate that want the gateway to read your registers. AWS IoT SiteWise automatically calculates the minimum allowable scan rate for your gateway.

    4. (Optional) Configure a Deadband setting for your source. This controls what data your source sends to your AWS IoT SiteWise, and what data it discards. For more information about the deadband setting, see Filter data ingestion ranges with OPC-UA.

  13. (Optional) For Destination, choose where the source data is sent. By default, your source sends data to AWS IoT SiteWise. You can use a AWS IoT Greengrass stream to export your data to a local destination or to the AWS Cloud instead.

    Note

    You must choose AWS IoT SiteWise as the destination for your source data if you want to process data from this source at the edge with AWS IoT SiteWise. For more information about processing data at the edge, see Enabling edge data processing.

    To send your data to another destination:

    1. For Destination options, choose Other destinations.

    2. For Greengrass stream name, enter the exact name of your AWS IoT Greengrass stream.

      Note

      You can use a stream that you've already created, or you can create a new AWS IoT Greengrass stream to export your data. If you want to use an existing stream, you must enter the exact name of the stream or a new stream will be created.

      For more information about working with AWS IoT Greengrass streams, see Manage data streams in the AWS IoT Greengrass Version 1 Developer Guide.

  14. Choose Add source.

    AWS IoT SiteWise deploys the gateway configuration to your AWS IoT Greengrass core. You don't need to manually trigger a deployment.