Encryption in transit - AWS IoT SiteWise

Encryption in transit

AWS IoT SiteWise has three modes of communication where data is in transit:

Data in transit over the internet

AWS IoT SiteWise uses Transport Layer Security (TLS) to encrypt all communication over the internet. All data sent to the AWS Cloud is sent over a TLS connection using MQTT or HTTPS protocols, so it's secure by default. Gateways, which run on AWS IoT Greengrass, and property value notifications use the AWS IoT transport security model. For more information, see Transport security in the AWS IoT Developer Guide.

Data in transit over the local network

AWS IoT SiteWise gateways follow OPC-UA specifications for communication with local OPC-UA sources. It's your responsibility to configure your sources to use a message security mode that encrypts data in transit.

If you choose the Sign message security mode, data in transit between gateways and sources is signed but not encrypted, so its integrity is protected but its contents are not confidential. If you choose the SignAndEncrypt message security mode, the data in transit between gateways and sources is both signed and encrypted. For more information about configuring sources, see Configuring data sources.
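Because the choice of message security mode is the gateway owner's responsibility, a practical control is a periodic check that every configured OPC-UA source actually uses a signed-and-encrypted mode. The following Python is an added example for this page, not AWS code or the service's schema: it audits a constructed source configuration shaped like a gateway's OPC-UA source list. The field names (`sources`, `endpoint`, `endpointUri`, `securityPolicy`, `messageSecurityMode`) and the mode and policy values are assumptions for the example, and the endpoint addresses are from the RFC 5737 documentation range.

```python
import json

# Constructed sample, shaped like a gateway OPC-UA source configuration.
# Field names and values are assumptions for this example, not the
# service's published schema.
SAMPLE_CONFIG = json.dumps({
    "sources": [
        {"name": "Line 1 PLC",
         "endpoint": {"endpointUri": "opc.tcp://192.0.2.10:4840",
                      "securityPolicy": "BASIC256_SHA256",
                      "messageSecurityMode": "SIGN_AND_ENCRYPT"}},
        {"name": "Legacy historian",
         "endpoint": {"endpointUri": "opc.tcp://192.0.2.11:4840",
                      "securityPolicy": "BASIC256",
                      "messageSecurityMode": "SIGN"}},
        {"name": "Test rig",
         "endpoint": {"endpointUri": "opc.tcp://192.0.2.12:4840",
                      "securityPolicy": "NONE",
                      "messageSecurityMode": "NONE"}},
        {"name": "Broken entry",
         "endpoint": {"endpointUri": "opc.tcp://192.0.2.13:4840",
                      "securityPolicy": "NONE",
                      "messageSecurityMode": "SIGN_AND_ENCRYPT"}},
    ]
})


def _normalize(value):
    """Fold 'SignAndEncrypt', 'SIGN_AND_ENCRYPT' and 'sign and encrypt' into one spelling."""
    return "".join(ch for ch in str(value).upper() if ch.isalnum())


def classify_endpoint(endpoint):
    """Map a source's message security mode and security policy to a transit verdict."""
    mode = _normalize(endpoint.get("messageSecurityMode", ""))
    policy = _normalize(endpoint.get("securityPolicy", ""))
    if not mode or not policy:
        return "unknown"          # field missing: nothing can be asserted about the link
    if policy == "NONE" and mode != "NONE":
        return "misconfigured"    # OPC UA cannot sign or encrypt under security policy None
    if mode == "SIGNANDENCRYPT":
        return "encrypted"        # signed and encrypted between gateway and source
    if mode == "SIGN":
        return "signed-only"      # integrity protected, but readable on the local network
    return "cleartext"            # mode None: neither integrity nor confidentiality


def audit_sources(config_text):
    """Return [(source name, verdict)] for every OPC-UA source in a gateway configuration."""
    config = json.loads(config_text)
    return [(src.get("name", "<unnamed>"), classify_endpoint(src.get("endpoint", {})))
            for src in config.get("sources", [])]


def needs_attention(config_text):
    """Names of sources whose data in transit is not encrypted on the local network."""
    return [name for name, verdict in audit_sources(config_text) if verdict != "encrypted"]


if __name__ == "__main__":
    for name, verdict in audit_sources(SAMPLE_CONFIG):
        print(f"{name:18} {verdict}")
```

The "misconfigured" verdict is worth keeping separate from "cleartext": a mode of SignAndEncrypt paired with security policy None cannot establish a secure channel, so the source either fails to connect or silently falls back, and either way the operator's intent is not being met.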

Data in transit between local components on gateways

AWS IoT SiteWise gateways run on AWS IoT Greengrass, which doesn't encrypt data exchanged locally on the AWS IoT Greengrass core because the data doesn't leave the device. This includes communication between AWS IoT Greengrass components such as the AWS IoT SiteWise connector. For more information, see Data on the core device in the AWS IoT Greengrass Developer Guide.