Manufacturing companies generate terabytes of machine data every day — and use less than 5% of it. The reason is data isolation: shopfloor data is locked in proprietary systems, protocols are incompatible, and the path from machine to actionable dashboard is littered with custom middleware. AWS Industrial IoT solves this with a fully managed stack: IoT Core for secure device connections, IoT SiteWise for data modelling, Kinesis for real-time stream processing, and Greengrass for edge intelligence directly on the shopfloor. This article presents the reference architecture, explains OPC-UA integration, and outlines how to deliver a production-ready pilot in 6–10 weeks.

Why Shopfloor Data Remains Untapped

Most manufacturing companies already have numerous data-capturing systems: SCADA, PLCs, MES platforms, condition monitoring units. The problem is not a lack of data — it is data isolation. Every system speaks a different protocol, every machine vendor ships its own interface, and bridging the gap between OT (Operational Technology) and IT traditionally requires months-long integration projects with expensive system integrators.

There is also a latency problem. When production data only appears in reporting the next day, deviations can no longer be corrected in time. Plant managers make decisions based on data that is hours or days old — while the next issue on the shopfloor is already developing.

Finally, self-built data pipelines rarely scale. A custom solution built for one plant is almost never transferable to ten plants without a near-complete rebuild. Industrial IoT on AWS addresses all three problems with managed services that do not disrupt operations.

Key Concepts: IIoT Building Blocks Defined

OPC-UA (Open Platform Communications Unified Architecture)
A vendor-neutral industrial communication standard from the OPC Foundation. OPC-UA specifies both a secure transport layer (binary over TCP or HTTPS) and a semantic information model: machines expose their data as nodes in an address space that clients can browse and subscribe to. AWS IoT SiteWise includes a built-in OPC-UA collector that communicates directly with OPC-UA servers on the shopfloor — no additional middleware or drivers required.
AWS IoT SiteWise Asset Model
A structured data model that represents physical assets — machines, lines, plants — as digital twins. An asset model defines properties (e.g. temperature, rotational speed), metrics (computed time-series aggregations), and hierarchies (machine belongs to line, line to plant). SiteWise automatically generates APIs, alarms, and dashboards from the asset model — no manual configuration per data point.
MQTT (Message Queuing Telemetry Transport)
A lightweight publish-subscribe protocol optimised for IoT devices with constrained bandwidth or processing power. MQTT decouples publishers from subscribers via a broker — AWS IoT Core in the AWS world. Devices publish measurements to topics; AWS services subscribe to those topics and route messages to downstream processing via rules.
Edge Gateway
An industrial computer or embedded system that mediates between shopfloor machines and cloud infrastructure. The edge gateway handles protocol translation (e.g. OPC-UA to MQTT), local data buffering during network outages, and optional pre-processing (filtering, aggregation, anomaly detection). AWS IoT Greengrass runs on the edge gateway and extends AWS Lambda functions to the edge tier.

AWS IoT Core: Secure Device Connectivity at Scale

AWS IoT Core is the managed broker for IoT device connections — it scales to billions of devices and manages the full security infrastructure for all connections. For the shopfloor, this means every machine, edge gateway and sensor authenticates with a unique X.509 certificate. IoT Core validates the certificate, opens an encrypted TLS 1.3 connection, and accepts MQTT messages.
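A unique certificate per device only limits the impact of a compromised device if the IoT Core policy attached to that certificate is scoped to the device. The following added example (not from the original article or from AWS) audits policy documents for wildcards; the region, account ID, topic layout and the `audit_iot_policy` helper are assumptions, and the thing-name policy variable only resolves when the certificate is attached to a registered thing.

```python
THING_VAR = "${iot:Connection.Thing.ThingName}"   # resolves to the connecting thing's name
ARN = "arn:aws:iot:eu-central-1:111122223333"      # placeholder region and account ID

# Constructed policies. The topic layout plant/<site>/<thing>/telemetry is an assumption.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"},
]}

SHARED_TOPIC = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": f"{ARN}:client/{THING_VAR}"},
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": f"{ARN}:topic/plant/*"},          # any device may write any asset's topic
]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": f"{ARN}:client/{THING_VAR}"},
    {"Effect": "Allow", "Action": "iot:Publish",
     "Resource": f"{ARN}:topic/plant/hamburg/{THING_VAR}/telemetry"},
]}


def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def audit_iot_policy(policy):
    """Return findings for Allow statements broader than a single device needs."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action.endswith("*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in _as_list(stmt.get("Resource", [])):
            # A wildcard is acceptable only when the ARN is also bound to the thing name.
            if "*" in res and THING_VAR not in res:
                findings.append(f"statement {i}: resource {res!r} not bound to device identity")
    return findings


if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SHARED_TOPIC", SHARED_TOPIC), ("SCOPED", SCOPED)):
        print(name, audit_iot_policy(doc) or "ok")
```
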

The IoT Core Rule Engine is particularly powerful: SQL-like rules allow incoming messages to be filtered, transformed and routed to up to 20 different AWS targets simultaneously — IoT SiteWise for time-series storage, Kinesis Data Streams for real-time processing, S3 for long-term archival, or Lambda for custom business logic.

An important feature for manufacturing environments is offline buffering: IoT Core stores messages for devices that go temporarily offline (e.g. during a firmware update) and delivers them upon the next connection. No data loss during brief network interruptions on the shopfloor.

AWS IoT SiteWise: Structured Industrial Data Modelling

Raw sensor data has no value without context. A temperature reading of 87°C says little on its own — but "Bearing temperature Motor A3 in Hall 2, Hamburg plant, exceeding threshold 85°C" is an actionable alert. AWS IoT SiteWise provides that context through its asset model concept.

Building a Hierarchical Asset Model

The modelling approach mirrors physical reality. Start by defining asset types (milling machine, conveyor, compressor), then their properties (sensor measurements) and metrics (computed aggregations such as mean, maximum, standard deviation over time windows). Then build asset hierarchies: machines belong to lines, lines to plants.

SiteWise then handles continuous time-series computation automatically. When a machine supplies a raw measurement "Vibration X-axis", SiteWise continuously calculates the 5-minute rolling average, the daily maximum and the standard deviation — without any code. All metrics are immediately queryable via the SiteWise API and integrated data store.

OPC-UA Integration in Practice

The SiteWise Edge Collector runs on an edge gateway (e.g. an industrial PC running AWS IoT Greengrass) inside the plant network. It connects to the machines' OPC-UA servers and reads their address spaces. OPC-UA node IDs are mapped to SiteWise asset properties in the configuration wizard — a one-time setup per machine type that is then reused for every identical machine in the fleet.

Amazon Kinesis: Real-Time Shopfloor Stream Processing

If IoT SiteWise is the structured time-series repository, Amazon Kinesis is the real-time data highway. Kinesis Data Streams ingests the continuous data stream from IoT Core and makes it immediately available to parallel consumers — without data loss, with configurable retention of up to 365 days.

In the manufacturing context this enables concrete use cases:

  • Real-time quality control: Kinesis Data Analytics (Apache Flink) computes rolling statistics over production parameters. If a machine crosses tolerance boundaries, an alert fires before defective parts are produced.
  • Anomaly detection: A Kinesis consumer feeds Amazon Lookout for Equipment with real-time data for continuous per-asset anomaly scores.
  • Cross-line analysis: When multiple production lines stream into Kinesis in parallel, a Flink job can detect correlations across lines — for example, whether a shared compressor is influencing several lines simultaneously.

Kinesis Firehose automates long-term archival: data streams are compressed (Parquet/ORC), partitioned by date and asset, and written to S3 — ready for later analysis with Amazon Athena or AWS Glue.

Real-Time Dashboards with Amazon Managed Grafana

Plant managers and shift supervisors need dashboards that convey the current equipment status at a glance. AWS provides Amazon Managed Grafana — a fully managed Grafana service with native integrations for IoT SiteWise, Kinesis, and CloudWatch.

A typical IIoT dashboard for manufacturing includes:

  • OEE (Overall Equipment Effectiveness) tiles per line, computed from availability, performance, and quality metrics
  • Time-series panels for critical sensors with threshold overlays (warning and alarm limits sourced from SiteWise)
  • Active alarm list with unacknowledged alerts sorted by priority and asset hierarchy
  • Comparison views: current shift vs. previous shift, current plant vs. benchmark plant

SiteWise Alarms integrate directly with Grafana: alarm states appear as annotations on time-series panels, making correlations between alarms and sensor trends immediately visible. Authentication is handled through AWS IAM Identity Center (SSO), so plant managers, shift supervisors, and quality engineers each receive role-appropriate views of the same underlying data.

Edge Processing with AWS IoT Greengrass

Not all processing needs to — or should — happen in the cloud. AWS IoT Greengrass brings Lambda functions, ML inference, and stream processing directly onto edge hardware inside the plant. Three reasons make this relevant:

Latency and Response Time

For safety-critical control loops and emergency shutdowns, milliseconds matter. A Greengrass device can execute local Lambda functions and actuate directly — without a round trip to the cloud. A protection function that shuts down a machine on overpressure cannot depend on an internet connection.

Data Sovereignty and Compliance

Production recipes and process parameters are often trade secrets. With Greengrass, it is possible to specify which raw data remains local and which aggregated or anonymised values are sent to the cloud. This is directly relevant to NIS2 and the EU Machinery Regulation (EU) 2023/1230, which mandate cybersecurity measures for OT networks.
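One way to enforce the local/cloud split described above on the edge gateway, as an added example that is not from the original article or from AWS: a default-deny egress filter that collapses a window of raw samples into aggregates before anything is published. The field names, the `summarise_window` helper and the sample data are assumptions; a keyed hash pseudonymises operator IDs, which reduces exposure but does not make the data anonymous under GDPR.

```python
import hashlib
import hmac
from statistics import fmean

# Assumed field policy (not from the page). Anything not listed is dropped: default deny.
AGGREGATE = {"vibration_x", "bearing_temp_c"}   # numeric telemetry, sent as min/mean/max
PSEUDONYMISE = {"operator_id"}                   # sent only as a keyed hash
# Fields such as "recipe_id" appear in neither set and therefore never leave the gateway.


def pseudonym(value, key):
    """Keyed hash so the cloud side can group by operator without seeing the raw ID."""
    return hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()[:16]


def summarise_window(asset_id, samples, key):
    """Collapse one window of raw samples into a single cloud-bound record."""
    if not samples:
        return None
    record = {
        "asset_id": asset_id,
        "window_start": min(s["ts"] for s in samples),
        "window_end": max(s["ts"] for s in samples),
        "count": len(samples),
    }
    for field in sorted(AGGREGATE):
        values = [s[field] for s in samples if isinstance(s.get(field), (int, float))]
        if values:
            record[field] = {"min": min(values),
                             "mean": round(fmean(values), 3),
                             "max": max(values)}
    for field in sorted(PSEUDONYMISE):
        seen = {s[field] for s in samples if field in s}
        if seen:
            record[field + "_pseudonym"] = sorted(pseudonym(v, key) for v in seen)
    return record


# Constructed sample: three raw readings from one asset within one window.
RAW = [
    {"ts": 1000, "vibration_x": 0.25, "bearing_temp_c": 84.0,
     "recipe_id": "R-17", "operator_id": "op-042"},
    {"ts": 1001, "vibration_x": 0.5, "bearing_temp_c": 86.0,
     "recipe_id": "R-17", "operator_id": "op-042"},
    {"ts": 1002, "vibration_x": 0.75, "bearing_temp_c": 88.0,
     "recipe_id": "R-17", "operator_id": "op-042"},
]

if __name__ == "__main__":
    print(summarise_window("motor-a3", RAW, key=b"constructed-demo-key"))
```

The same reduction also serves as the edge downsampling step for high-frequency sensors: three raw messages become one record.
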

Resilience During Network Outages

Greengrass buffers data locally when the cloud connection is interrupted. Once connectivity is restored, buffered data is synchronised. Production continues without interruption and the data gap in the cloud is closed automatically.

ML Inference at the Edge

With Greengrass ML Inference, SageMaker models run directly on edge hardware. A trained anomaly detection model operates on the shopfloor without cloud connectivity, delivering immediate alerts with no latency and no data transfer costs.

IIoT Reference Architecture: From Sensor to Dashboard

| Layer | AWS Service | Function | Protocol / Format |
|---|---|---|---|
| Device Connectivity | AWS IoT Core | Device authentication, MQTT broker, rule engine | MQTT 3.1.1 / 5, TLS 1.3, X.509 |
| Edge Processing | AWS IoT Greengrass | Local Lambda, ML inference, OPC-UA collector, data buffering | OPC-UA, Modbus, MQTT |
| Time Series & Modelling | AWS IoT SiteWise | Asset models, metrics, alarms, time-series data store | SiteWise API, MQTT |
| Real-Time Streaming | Amazon Kinesis | Data stream for parallel consumption and analytics jobs | Kinesis Client Library, HTTPS |
| Stream Analytics | Kinesis Data Analytics | Apache Flink jobs, rolling statistics, complex event processing | SQL, Java / Scala (Flink) |
| Long-Term Archive | Amazon S3 + Athena | Parquet archive, ad-hoc SQL analysis, ML training datasets | Parquet / ORC, HTTPS |
| Visualisation | Amazon Managed Grafana | OEE dashboards, alarms, multi-site comparisons | Grafana Data Source API |
| Anomaly Detection / ML | Amazon Lookout for Equipment | Unsupervised anomaly detection on sensor time series | SiteWise integration, API |

Regulatory Context: EU Machinery Regulation, GDPR and NIS2

Industrial IoT in Germany and the EU operates within a clear regulatory framework. Three pieces of legislation are particularly relevant:

EU Machinery Regulation (EU) 2023/1230

The new EU Machinery Regulation — replacing Machinery Directive 2006/42/EC and applicable from January 2027 — sets explicit requirements for networked machines: digital operating instructions, interfaces for remote access, and cybersecurity requirements for machine-adjacent communication. An IIoT platform on AWS must ensure that remote access is audited, communication channels are encrypted, and access rights are clearly defined — all features that AWS IoT Core and IAM provide out of the box.

GDPR

Shopfloor sensor data (temperature, rotational speed, vibration) is generally not personal data. However, as soon as machine data is linked to shift schedules, operator IDs, or individual output records, GDPR applies. AWS Frankfurt (eu-central-1) provides data residency in Germany. AWS is GDPR-compliant and holds ISO 27001 and SOC 2 Type II certifications. Data Processing Agreements are available via AWS Standard Contractual Clauses.

NIS2 Directive

Manufacturing companies classified as critical or important entities under NIS2 must demonstrate measures to secure their network and information systems — including OT networks explicitly. Greengrass deployments should run in a segmented OT network (DMZ between OT and IT). AWS IoT Device Defender continuously monitors device behaviour and reports deviations from the baseline profile — an important NIS2 audit capability.

Storm Reply Perspective: IIoT in Real Manufacturing Projects

Storm Reply accompanies manufacturing companies from the first OPC-UA connectivity workshop to a production-ready, multi-site IIoT stack. Three patterns consistently drive success in real projects:

Asset model first: Projects that begin with SiteWise data modelling — rather than with technical connectivity — achieve significantly higher adoption among production teams. The model reflects the language of the shopfloor: asset, line, plant — not IT abstractions. Plant managers need to understand the dashboard, not the architecture.

Edge-first for legacy machines: Older machines without OPC-UA support can be connected via Greengrass with Modbus TCP adapters. Greengrass handles protocol translation and normalises data into SiteWise format. No machine retrofit required — existing infrastructure remains unchanged.

Pilot on a live production line, not a test rig: IIoT pilots that run on a line that is actually in production (with real load, real shift schedules and real alarm cascades) yield more realistic insights than isolated test environments. Operational stress validates architecture resilience early, before rollout.

Storm Reply is an AWS Premier Consulting Partner in the DACH region with recognised expertise in IoT and industrial automation. We cover IIoT projects end-to-end: architecture, integration, and ongoing operations, including AWS MAP funding applications for qualifying projects.

Benefits and Challenges: IIoT on AWS

| Aspect | Benefits | Challenges & Mitigations |
|---|---|---|
| Scalability | From one line to 100 plants without re-architecture; SiteWise and IoT Core scale automatically | Asset model governance becomes complex at many sites; plan model versioning and IaC CI/CD from the start |
| Cost | Pay-per-use: no fixed licence costs; low entry threshold for pilots | High-frequency sensor data (100 Hz and above) drives costs; use Greengrass downsampling at the edge to reduce volume |
| Legacy Integration | Greengrass supports Modbus, OPC-DA, MQTT and custom adapters | Very old PLCs without any network interface require hardware retrofits; budget accordingly |
| Security | Zero-trust architecture with X.509, TLS 1.3, IAM policies; Device Defender for continuous monitoring | OT network segmentation requires coordination with network teams; IT/OT convergence is often an organisational project |
| Dashboards | Managed Grafana with native SiteWise integration; no BI infrastructure to maintain | Build Grafana expertise in the team; plan access control for multi-site dashboards |
| Data Sovereignty | Greengrass enables local processing; AWS Frankfurt for EU data residency | Define clearly: which data stays local, which goes to the cloud; data governance concept required |

FAQ: Industrial IoT on AWS

What is OPC-UA and why does it matter for Industrial IoT?
OPC-UA (Open Platform Communications Unified Architecture) is a vendor-neutral industrial communication standard. It defines both a secure transport protocol and a semantic information model, allowing machines from different manufacturers to describe and exchange data consistently. AWS IoT SiteWise includes a native OPC-UA collector that reads data directly from OPC-UA servers on the shopfloor — no proprietary middleware required.
How is shopfloor data secured during transmission to AWS?
AWS IoT Core uses TLS 1.3 for transport encryption and X.509 certificates for device authentication. Each device receives a unique certificate; compromised devices can be revoked individually. AWS IoT Greengrass enables local processing so sensitive raw data never leaves the factory floor. The architecture satisfies NIS2 and EU Machinery Regulation (EU) 2023/1230 cybersecurity requirements.
How long does an IIoT pilot project with AWS typically take?
A structured pilot covering a single production line can be completed in 6–10 weeks: 2 weeks for connectivity (OPC-UA integration, Greengrass deployment), 2 weeks for data modelling in SiteWise, and 2 weeks for dashboards and alarms. Subsequent rollout to additional lines and sites benefits from the asset model template developed during the pilot.
What are the monthly AWS costs for an IIoT deployment?
Costs depend on data volume. AWS IoT Core charges per message and connection-minute; AWS IoT SiteWise charges per data point and measurement. For a typical production line with 200 sensors at 1-second sampling, AWS costs typically fall between €500 and €2,000 per month — well below the cost of a single unplanned downtime event.
Does AWS IoT SiteWise comply with GDPR?
Shopfloor sensor data (temperature, vibration, pressure) does not typically constitute personal data. However, when machine data is linked to employee records — such as shift performance — GDPR applies. AWS offers data residency in the eu-central-1 (Frankfurt) region, ensuring all data remains within Germany. AWS holds ISO 27001, SOC 2 Type II, and BSI C5 certifications.
