Data in transit over the local network - Amazon IoT SiteWise

Data in transit over the local network

SiteWise Edge gateways follow OPC UA specifications for communication with local OPC UA sources. It's your responsibility to configure your sources to use a message security mode that encrypts data in transit.
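
The following is an added example, not part of the AWS documentation: a Python check that flags OPC UA source definitions whose message security mode does not encrypt data in transit. The mode names (None, Sign, SignAndEncrypt) come from the OPC UA specification; the JSON layout, field names, source names and addresses are constructed assumptions.

```python
import json

# Constructed sample input. The layout and field names (sources, endpoint,
# endpointUri, messageSecurityMode, securityPolicy) are assumptions for this
# example; adapt them to however your source definitions are exported.
SAMPLE_CONFIG = json.loads("""
{"sources": [
  {"name": "press-line-1", "endpoint": {"endpointUri": "opc.tcp://10.0.0.11:4840",
     "messageSecurityMode": "SIGN_AND_ENCRYPT", "securityPolicy": "BASIC256_SHA256"}},
  {"name": "boiler-2", "endpoint": {"endpointUri": "opc.tcp://10.0.0.12:4840",
     "messageSecurityMode": "SIGN", "securityPolicy": "BASIC256_SHA256"}},
  {"name": "legacy-plc", "endpoint": {"endpointUri": "opc.tcp://10.0.0.13:4840",
     "messageSecurityMode": "NONE", "securityPolicy": "NONE"}},
  {"name": "mixer-4", "endpoint": {"endpointUri": "opc.tcp://10.0.0.14:4840",
     "messageSecurityMode": "SignAndEncrypt", "securityPolicy": "None"}},
  {"name": "oven-5", "endpoint": {"endpointUri": "opc.tcp://10.0.0.15:4840"}}
]}
""")

def _norm(value):
    """Fold 'SIGN_AND_ENCRYPT', 'SignAndEncrypt', None, ... to one spelling."""
    return str(value or "").replace("_", "").replace("-", "").lower()

def audit_sources(config):
    """Return (source name, finding) for each source not encrypted in transit."""
    findings = []
    for src in config.get("sources", []):
        ep = src.get("endpoint", {})
        mode = _norm(ep.get("messageSecurityMode"))
        policy = _norm(ep.get("securityPolicy"))
        name = src.get("name", "<unnamed>")
        if mode == "":
            findings.append((name, "message security mode not set"))
        elif mode == "none":
            findings.append((name, "mode None: no signing, no encryption"))
        elif mode == "sign":
            findings.append((name, "mode Sign: integrity only, payload readable on the wire"))
        elif mode != "signandencrypt":
            findings.append((name, "unrecognised mode: " + mode))
        elif policy in ("", "none"):
            # Security policy None provides no algorithms, so nothing is encrypted.
            findings.append((name, "SignAndEncrypt requested but security policy is None"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_sources(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Only `press-line-1` passes; the Sign-only source is flagged because signing protects integrity but leaves the payload readable on the local network.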

Communication between the edge console application and SiteWise Edge gateways is always encrypted with TLS. The SiteWise Edge connector on the SiteWise Edge gateway generates and stores a self-signed certificate so that it can establish a TLS connection with the edge console for Amazon IoT SiteWise application. Before you connect the application to the SiteWise Edge gateway, you must copy this certificate from the gateway to the edge console for Amazon IoT SiteWise application. This lets the application verify that it has connected to your trusted SiteWise Edge gateway.

In addition to TLS for secrecy and server authenticity, SiteWise Edge uses the SigV4 protocol to establish the authenticity of the edge console application. The SiteWise Edge connector on the SiteWise Edge gateway accepts and stores a password, which it uses to verify incoming connections from the edge console application, the SiteWise Monitor application running within browsers, and other clients based on the Amazon IoT SiteWise SDK.