Required service endpoints for AWS IoT SiteWise Edge gateways
To set up connections with the AWS services required for the AWS IoT SiteWise Edge gateway, configure endpoints for the following AWS services:
Unless noted as optional, the endpoints in this section are required by the AWS IoT SiteWise Edge gateway or to adhere to AWS recommendations and security best practices. Set up and test these endpoints before creating the gateway.
Note
Values that need to be customized for your deployment configuration are in angle brackets (<>). For a complete list of AWS Regions, see AWS Regions in AWS General Reference.
IAM endpoint
The following is the required service endpoint for AWS Identity and Access Management (IAM). For more information, see IAM endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to IAM |
AWS IoT Core endpoints
The following are the service endpoints for AWS IoT Core. For more information, see AWS IoT Core endpoints. In this table, prefix is your account-specific prefix for AWS IoT Device Management - jobs data endpoints (AWS IoT Core documentation).
| Destination endpoint | Port | Protocol | Direction | AWS CLI commands | Description |
|---|---|---|---|---|---|
| | 443 | TCP | Outbound | | Edge device to the account-specific AWS IoT data plane |
| | 443 | TCP | Outbound | | Edge device to authenticate AWS IoT Core calls by using a built-in X.509 client certificate |
| | 443 | TCP | Outbound | | Edge device to the AWS IoT Core control plane |
AWS IoT Greengrass V2 endpoints
The following are the service endpoints for AWS IoT Greengrass V2. For more information, see AWS IoT Greengrass V2 endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to the AWS IoT Greengrass V2 control plane |
| | 443 | TCP | Outbound | Edge device to the AWS IoT Greengrass data plane |
AWS IoT SiteWise endpoints
The following are the service endpoints for AWS IoT SiteWise. For more information, see AWS IoT SiteWise endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to the AWS IoT SiteWise data plane |
| | 443 | TCP | Outbound | (Optional) Edge device to the AWS IoT SiteWise service plane |
| | 443 | TCP | Outbound | Edge device to the AWS IoT SiteWise control plane |
| | 443 | TCP | Outbound | Edge device to the AWS IoT SiteWise model control plane |
| | 443 | TCP | Outbound | Edge device to the AWS IoT SiteWise edge API operations |
| | 443 | TCP | Outbound | (Optional) Edge device to an AWS IoT SiteWise Monitor portal |
AWS KMS endpoint
The following is the service endpoint for AWS Key Management Service (AWS KMS). For more information, see AWS KMS endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to AWS KMS |
Secrets Manager endpoint
The following is the service endpoint for AWS Secrets Manager. For more information, see Secrets Manager endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to Secrets Manager |
AWS STS endpoint
The following is the service endpoint for AWS Security Token Service (AWS STS). For more information, see AWS STS endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to AWS STS |
Amazon S3 endpoints
The following are the service endpoints for Amazon Simple Storage Service (Amazon S3). For more information, see Amazon S3 endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to all S3 buckets in the AWS Region |
| | 443 | TCP | Outbound | Edge device to any S3 bucket for downloading all AWS IoT Greengrass V2 components, including AWS provided components |
| | 443 | TCP | Outbound | (Optional) Edge device to any S3 bucket in the AWS Region for downloading all AWS IoT Greengrass V2 components, including AWS provided components |
Systems Manager endpoints
The following are the service endpoints for AWS Systems Manager. For more information, see Systems Manager endpoints.
| Destination endpoint | Port | Protocol | Direction | Description |
|---|---|---|---|---|
| | 443 | TCP | Outbound | Edge device to Systems Manager |
| | 443 | TCP | Outbound | (Optional) Edge device to Session Manager |
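
One way to test these endpoints from the edge device before creating the gateway is an outbound TCP 443 preflight that separates DNS failures from blocked connections and lets only required endpoints decide readiness. This is an added example, not AWS-provided code; the hostnames are constructed placeholders to replace with the destination endpoints for your Region, and the names `probe`, `preflight` and `ENDPOINTS` are hypothetical.

```python
import socket
from dataclasses import dataclass

# Constructed placeholders: replace each hostname with the destination endpoint
# from the matching table for your Region. The flag marks required endpoints.
ENDPOINTS = {
    "IAM": ("iam-endpoint.invalid", True),
    "AWS STS": ("sts-endpoint.invalid", True),
    "AWS IoT SiteWise data plane": ("sitewise-data.invalid", True),
    "AWS IoT SiteWise Monitor portal": ("monitor-portal.invalid", False),
}

@dataclass
class Result:
    name: str
    host: str
    required: bool
    status: str  # "ok", "dns-failure" or "blocked"

def probe(host, port=443, timeout=5.0):
    """Open one outbound TCP connection and classify the outcome."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"  # name does not resolve from this device
    for family, socktype, proto, _canon, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
                return "ok"
        except OSError:
            continue  # refused, filtered or timed out: try the next address
    return "blocked"

def preflight(endpoints, port=443, timeout=5.0):
    """Probe every endpoint; only required ones decide readiness."""
    results = [Result(name, host, required, probe(host, port, timeout))
               for name, (host, required) in endpoints.items()]
    ready = all(r.status == "ok" for r in results if r.required)
    return ready, results

if __name__ == "__main__":
    ready, results = preflight(ENDPOINTS)
    for r in results:
        kind = "required" if r.required else "optional"
        print(f"{r.status:12} {kind:9} {r.name} ({r.host}:443)")
    raise SystemExit(0 if ready else 1)
```

A status of "ok" shows only that the firewall permits the TCP flow; it does not validate the TLS session or detect an intercepting proxy on the path.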