Architecture options - AWS Prescriptive Guidance

Architecture options

There are various architectures you can use to connect the AWS IoT SiteWise Edge gateways to service endpoints in the cloud. For more information, see Network-to-Amazon VPC connectivity options (AWS Whitepaper). The following diagram is an example of how to connect to service endpoints in the cloud from your industrial control network:

  1. The AWS IoT Greengrass virtual machine that is running AWS IoT SiteWise Edge software sends API calls for AWS services to the interface VPC endpoints in the AWS Cloud. For more information, see Access an AWS service using an interface VPC endpoint in the AWS PrivateLink documentation.

  2. For DNS queries, the AWS IoT Greengrass virtual machine resolves the service API endpoints with the DNS server in the corporate data center.

  3. The DNS server forwards the DNS queries to the inbound Amazon Route 53 Resolver endpoints in the AWS Cloud. For more information, see Forwarding inbound DNS queries to your VPCs in the Route 53 documentation.

Connections from the corporate data center to the Route 53 and Amazon VPC endpoints in the AWS Cloud

To support this architecture, you configure private hosted zones in Route 53. A private hosted zone is a container that holds information about how you want Amazon Route 53 to respond to DNS queries for a domain and its subdomains within one or more VPCs. The following are the Route 53 private hosted zones for this architecture:

  • iotsitewise.<region>.amazonaws.com

  • *.vpce-x.s3.<region>.vpce.amazonaws.com (Amazon S3)

For more information, see Working with private hosted zones in the Route 53 documentation.
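The architecture above only keeps SiteWise Edge traffic on PrivateLink if two things hold: a private hosted zone covers each service hostname, and the corporate DNS server forwards that query to the inbound Resolver endpoints so the answer is an endpoint ENI inside the VPC. The following added check (example code written for this page, not from the guidance or from AWS) audits resolver answers for both conditions; the region, the VPC CIDR, the sample addresses and the `vpce-x` endpoint ID are constructed assumptions.

```python
import ipaddress
import socket

# Assumptions (not from the guidance page): region, VPC CIDR, and "vpce-x"
# standing in for the real S3 interface endpoint ID.
REGION = "us-east-1"
VPC_CIDR = ipaddress.ip_network("10.20.0.0/16")
# Private hosted zones from the architecture, with <region> filled in.
PRIVATE_ZONES = [
    f"iotsitewise.{REGION}.amazonaws.com",
    f"vpce-x.s3.{REGION}.vpce.amazonaws.com",  # covers *.vpce-x.s3.<region>...
]

def covered_by_zone(hostname, zones=PRIVATE_ZONES):
    """True if hostname is a private hosted zone apex or a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == z or host.endswith("." + z) for z in zones)

def classify(addresses, vpc_cidr=VPC_CIDR):
    """'private' if every answer is inside the VPC, 'public' if none is,
    'mixed' otherwise; an empty answer set means the name did not resolve."""
    if not addresses:
        return "unresolved"
    inside = [ipaddress.ip_address(a) in vpc_cidr for a in addresses]
    if all(inside):
        return "private"
    return "public" if not any(inside) else "mixed"

def audit(answers, vpc_cidr=VPC_CIDR, zones=PRIVATE_ZONES):
    """Map hostname -> verdict. 'unzoned' means no private hosted zone covers
    the name, so Route 53 never answers for it whatever the resolver returned."""
    return {
        host: classify(ips, vpc_cidr) if covered_by_zone(host, zones) else "unzoned"
        for host, ips in answers.items()
    }

def resolve_live(hostname):
    """Real lookup from the Greengrass host, via its configured DNS server."""
    return sorted({i[4][0] for i in socket.getaddrinfo(hostname, 443, socket.AF_INET)})

# Constructed answers: what the corporate DNS server should return (EXPECTED)
# versus a forwarding rule that is missing, so the query leaked to public DNS.
EXPECTED = {
    f"iotsitewise.{REGION}.amazonaws.com": ["10.20.1.15", "10.20.2.27"],
    f"bucket-a.vpce-x.s3.{REGION}.vpce.amazonaws.com": ["10.20.1.40", "10.20.2.40"],
}
LEAKED = {
    f"iotsitewise.{REGION}.amazonaws.com": ["52.94.0.10"],   # constructed public IP
    f"otherservice.{REGION}.amazonaws.com": ["10.20.1.9"],   # no zone listed for it
}

if __name__ == "__main__":
    print(audit(EXPECTED))  # every entry 'private'
    print(audit(LEAKED))    # 'public' and 'unzoned'
```

On a real gateway, replace the constructed dictionaries with `{host: resolve_live(host) for host in PRIVATE_ZONES}` and treat anything other than `private` as a misrouted API path to investigate.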