Data encryption - Amazon IoT SiteWise
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Data encryption

Data encryption refers to protecting data while in-transit (as it travels to and from Amazon IoT SiteWise, and between gateways and servers), and at rest (while it is stored on local devices or in Amazon services). You can protect data in transit using Transport Layer Security (TLS) or at rest using client-side encryption.

Note

Amazon IoT SiteWise edge processing exposes APIs that are hosted within SiteWise gateways and accessible over the local network. These APIs are exposed over a TLS connection backed by a server-certificate owned by the Amazon IoT SiteWise Edge connector. For client authentication, these APIs use an access-control password. The server-certificate private-key and the access-control password are both stored on disk. Amazon IoT SiteWise edge processing relies on file-system encryption for the security of these credentials at rest.

For more information about server-side encryption and client-side encryption, review the topics listed below.