Create a gateway - AWS IoT SiteWise

Create a gateway

You can use the AWS IoT SiteWise console to create a gateway. This topic contains the following steps:

Step 1: Configure a gateway

  1. Navigate to the AWS IoT SiteWise console.

  2. In the navigation pane, choose Gateways.

  3. Choose Create gateway.

  4. Enter a name for your gateway or use the name generated by AWS IoT SiteWise.

  5. For Greengrass core device, choose one of the following options:

    • Default setup ‐ AWS automatically uses default settings to create a Greengrass core device in AWS IoT Greengrass V2.

      1. Enter a name for the Greengrass core device or use the name generated by AWS IoT SiteWise.

    • Advanced setup ‐ Choose this option if you want to use an existing Greengrass core device or to create one manually.

      1. Choose a Greengrass core device or choose Create Greengrass core device to create one in the AWS IoT Greengrass V2 console. For more information, see Setting up AWS IoT Greengrass V2 core devices in the AWS IoT Greengrass Version 2 Developer Guide.

  6. Choose Next.

Step 2: Configure edge capabilities

AWS IoT SiteWise provides the following packs that your gateway can use to determine how to collect and process your data. Select packs to enable edge capabilities for your gateway.

  • Data collection pack enables your gateway to collect data from multiple OPC-UA servers, and then export the data from the edge to the AWS Cloud. By default, this pack is automatically enabled for your gateway. You can't disable this pack.

  • Data processing pack enables your gateway to process your data at the edge. For example, you can use asset models to compute metrics and transforms. For more information about asset models and assets, see Modeling industrial assets.

    • AWS IoT SiteWise retains your edge data on your gateways up to 30 days. The retention of your data is dependent on your device and the available disk space.

    • 30 days after your gateway has been disconnected from the AWS Cloud, the data processing pack is automatically disabled.

  1. (Optional) In the Edge capabilities pane, select Data processing pack.

  2. (Optional) In the Edge LDAP connection pane, you can grant user groups in your corporate directory access to this gateway. The user groups can use the Lightweight Directory Access Protocol (LDAP) credentials to access the gateway. Then they can use the AWS OpsHub for AWS IoT SiteWise application, AWS IoT SiteWise APIs, or other tools to manage the gateway. For more information, see Managing gateways


    You can also use the Linux credentials to access the gateway. For more information, see Accessing your gateway using Linux credentials.

    1. Select Enable.

    2. For Provider name, enter a name for your LDAP provider.

    3. For Hostname or IP address, enter the hostname or IP address of your gateway device.

    4. For Port, enter a port number.

    5. For Base distinguished name (DN), enter a distinguished name (DN) for the base.

      The following attribute types are supported: commonName (CN), localityName (L), stateOrProvinceName (ST), organizationName (O), organizationalUnitName (OU), countryName (C), streetAddress (STREET), domainComponent (DC), and userid (UID).

    6. For Admin group DN, enter a DN.

    7. For User group DN, enter a DN.

  3. Choose Next.

Step 3: Add data sources

Data sources are local servers or industrial equipment that are connected to gateways. You can add data sources so that your gateway can ingest data from the OPC-UA servers to AWS IoT SiteWise.


Gateways running on AWS IoT Greengrass V2 currently don't support Modbus TCP and Ethernet IP sources.

To add an OPC-UA source

  1. Choose Add data source.

  2. Enter a name for the source.

  3. Enter the Local endpoint of the data source server. The endpoint can be the IP address or hostname. You may also add a port number to the local endpoint. For example, your local endpoint might look like opc.tcp://

  4. (Optional) For Node ID for selection, add node filters to limit which data streams are ingested to the AWS Cloud. By default, gateways use the root node of a server to ingest all data streams. To define node filters, you can use node IDs and the * and ** wildcard characters.

  5. For Destinations, choose where the source data is sent.

    • AWS IoT SiteWise ‐ Send data to AWS IoT SiteWise. Choose this option if you want to process data at the edge.

    • AWS IoT Greengrass stream manager ‐ Use AWS IoT Greengrass steam manager to send data to the following AWS cloud destinations: channels in AWS IoT Analytics, streams in Amazon Kinesis Data Streams, asset properties in AWS IoT SiteWise, or objects in Amazon Simple Storage Service (Amazon S3). For more information, see Manage data streams on the AWS IoT Greengrass Core in AWS IoT Greengrass Version 2 Developer Guide.

      Enter a name for the AWS IoT Greengrass stream.

  6. In the Advanced configuration pane, do the following:

    1. (Optional) Enter a Data stream prefix. The gateway adds this prefix to all data streams from this source. Use a data stream prefix to distinguish between data streams that have the same name from different sources. Each data stream should have a unique name within your account.

    2. Choose a Message security mode for connections and data in transit between your source server and your gateway. This field is the combination of the OPC-UA security policy and message security mode. You must choose the same security policy and message security mode that you specified for your OPC-UA server.

    3. If your source requires authentication, choose an AWS Secrets Manager secret from the Authentication configuration list. The gateway uses the authentication credentials in this secret when it connects to this source. You must attach secrets to your gateway's IoT SiteWise connector to use them for source authentication. For more information, see Configuring source authentication.


      Your data server might have an option named Allow anonymous login. If this option is Yes, then your source doesn't require authentication.

    4. For Property groups, choose Add new group.

    5. enter a Name for the property group.

    6. For Properties:

      1. (Optional) For Node paths, add OPC-UA node filters to limit which OPC-UA paths are uploaded to AWS IoT SiteWise. You can use node filters to reduce your gateway's startup time and CPU usage by only including paths to data that you model in AWS IoT SiteWise. By default, gateways upload all OPC-UA paths except those that start with /Server/. To define OPC-UA node filters, you can use node paths and the * and ** wildcard characters. For more information, see Using OPC-UA node filters.

    7. For Group settings, do the following:

      1. For Scan mode, choose the mode that you want AWS IoT SiteWise to use to collect your data. For more information about scan mode, see Filter data ingestion ranges with OPC-UA.

      2. For Scan rate, update the rate that want the gateway to read your registers. AWS IoT SiteWise automatically calculates the minimum allowable scan rate for your gateway.

      3. (Optional) Configure a Deadband setting for your source. This controls what data your source sends to your AWS IoT SiteWise, and what data it discards. For more information about the deadband setting, see Filter data ingestion ranges with OPC-UA.

    8. Choose Add.

  7. Choose Next.

Step 4: Review and generate an installer

In this step, you review the configuration of your gateway, and then do the following:

  1. Choose one of the following operating system:

    • Amazon Linux

    • Red hat

    • Ubuntu

  2. Choose Generate.

  3. In the dialog box, choose Acknowledge.

AWS IoT SiteWise automatically generates an installer that you can use to configure your gateway device. Make sure that you save the installer file in a secure location. You will use the file later.