How to Transfer Data from OPC UA to AWS IoT Core
Open Automation Software can be used to transfer data from an OPC UA server or device to AWS IoT Core, locally or over a network. This guide walks you through downloading and installing OAS, configuring an OPC UA connector, a tag and an AWS IoT Core publisher, and finally publishing the tag using the AWS IoT Core publisher.
For this guide on how to transfer data from an OPC UA server or device to AWS Iot Core you will need:
- An AWS account with access to the AWS IoT Core console
ℹ️ For simulation purposes, you will use the OPC UA server available in the OAS platform to access a Tag value. If you already have an OPC UA server or device available, you can also adjust your configuration to suit your own OPC UA server or device.
1 - Download and Install OAS
If you have not already done so, you will need to download and install the OAS platform.
Fully functional trial versions of the software are available for Windows, Windows IoT Core, Linux, Raspberry Pi and Docker on our downloads page.
On Windows, run the downloaded setup.exe file to install the Open Automation Software platform. For a default installation, Agree to the End User License Agreement and then click the Next button on each of the installation steps until it has completed.
If you'd like to customize your installation or learn more, use the following instructions:
The OAS Service Control application will appear when the installation finishes on Windows.
Click on each START SERVICE button to start each of the three OAS services.
2 - Configure OAS
Configure OAS is the main application used to configure local and remote OAS instances.
From your operating system start menu, open the Configure OAS application.
Select the Configure > Tags screen.
Important
If this is the first time you have installed OAS, the AdminCreate utility will run when you select a screen in the Configure menu. This will ask you to create a username and password for the admin user. This user will have full permissions in the OAS platform.
For further information see Getting Started - Security.
If this is the first time you are logging in, you will see the AdminCreate utility. Follow the prompts to set up your admin account. Otherwise, select the Log In menu button and provide the Network Node, username and password.
Info
In this guide you will use the Configure OAS application to configure the local Network Node which by default is localhost.
If you have installed OAS on a remote instance you can also connect to the remote instance by setting the relevant IP address or host name in the Network Node field.
3 - Create Security Group and User
When connecting to the local OAS OPC UA server, you need to configure a security group and a user to provide Tag read/write access. You'll need these credentials when creating the OPC UA connector instance later.
ℹ️ You can skip this step if you are connecting to your own third party OPC UA server.
Select Configure > Security from the top menu.
Provide a Group Name such as OPC UA Access.
Click on the DISABLE ALL button to disable all access.
In the Tags tab, ensure Get Tag Group Names and Get Tag Names is checked. This setting is required when browsing the OPC UA server tag structure once you get to the step of assigning the OPC UA data source to a Tag.
In the Read Tags tab, ensure Disable All Tags From Reading is NOT checked.
In the Write Tags tab, ensure Disable Add Tags From Writing is NOT checked.
Click on the ADD GROUP button on the left hand side to add this security group configuration. Once added, the security group name should appear in the list of security groups.
Select Configure > Users from the top menu.
Provide a User Name such as opcuauser, a password and set the Security Group as OPC UA Access.
Click on the ADD USER button on the left hand side to add this user configuration. Once added, the user name should appear in the list of users.
4 - Add Tag for Temperature Simulation
In this section you will create a Tag to represent a Temperature sensor that will then be read from the OAS OPC UA server.
ℹ️ If you have your own third-party OPC UA server where you can simulate a Tag value then you can skip this step.
Select Configure > Tags from the top menu.
Select the root Tags group and click on the ADD TAG button.
Provide a Tag Name such as TemperatureSensorSimulation and click the OK button.
In the Enter Value field enter a value to represent the simulated temperature.
5 - Configure OPC UA Data Source
In the following steps you will create and configure a OPC UA Connector to connect to the OAS internal OPC UA server on port 58728.
ℹ️ If you want to use your own third-party OPC UA server you can provide the relevant Server URL and security credentials instead of the details provided below.
Select Configure > Drivers from the top menu.
Enter a meaningful Driver Interface Name to give this driver interface instance a unique name.
Ensure the following parameters are configured:
- Driver: OPC UA
- Server Url: opc.tcp://localhost:58728
Click on the BROWSE button to select a Security Profile. Choose the appropriate security profile. For this guide we will choose None:None:Binary.
Enabled User Security and enter the Username and Password credentials created in the earlier section.
Click on the ADD DRIVER button on the left hand side to add this driver configuration. Once added, the driver interface name should appear in the list of drivers.
6 - Add Data Source Tag
In this section you will create a Tag to represent your data point in the field (for example a temperature sensor). This can then be transferred your desired destination.
Select Configure > Tags from the top menu.
If you want to add a Tag to the root Tags group make sure the Tags node is selected in the tag list and click on the ADD TAG button.
If you want to add a Tag to a Tag Group, select the Tag Group first and then click on the ADD TAG button.
You can also add Tag Groups by using the ADD GROUP button.
Provide a Tag Name such as TemperatureSensor and click the OK button.
7 - Assign OPC UA as Tag Data Source
You will now set the Tag's data source to the OPC UA driver interface that you created previously.
Select the Tag that will source data from the local OPC UA data source.
Set the Data Source to OPC UA.
Set the Select Driver Interface drop-down to the OPC UA Connector interface created previously.
Click on the BROWSE button next to the NodeId field. In the BROWSE OPC UA SERVER window you can select the Local node, then select TemperatureSensorSimulation. In the right hand VARIABLE section select - Value. You should see the Node ID is now TemperatureSensorSimulation.Value.
Click on the OK button to select this Tag.
Click on the Apply Changes button to apply the changes.
Check that the quality status is Good Quality and the data in the Value field is as expected.
If you change the value of the TemperatureSensorSimulation Tag then you should see the same value update in the TemperatureSensor Tag. This means your OPC UA interface is working.
8 - Create Publisher Thing in AWS IoT Core
In this step you will create a Thing in the AWS IoT Core service and the required certificate and policies for publishing tag values to AWS IoT Core. This represents your connection and security settings between OAS and AWS IoT Core.
Login to the AWS Console and select the AWS IoT service.
Under the Manage and All Devices menu select Things.
Click on the Create things button to start the create new things wizard.
Select Create single thing and click on the Next button.
Set the Thing name to OAS_Publisher and click on the Next button.
Leave the default option to generate device certificate automatically and click on the Next button.
Select the Create policy button. This will open a new browser tab or window.
Set the Policy name to OASPublisherPolicy. The policy will need to allow the iot:Connect and iot:Publish actions. For the purpose of this guide the policy will allow all resources using the * wildcard.
Important
For security best practices in production systems you should always restrict your policy to the client ID and AWS resource name (ARN) that represents your region, account and topic paths.
Go back to the create thing wizard and select the OASPublisherPolicy. Click on the Create thing button.
You will see a window relating to certificates. Download the device certificate, the public key file, the private key file and one of the Root CA certificates. You should keep these files in a folder with limited permissions. You'll need them when configuring the AWS IoT Core publisher in the OAS platform.
9 - Configure AWS IoT Core Publisher
In the following steps you will create and configure an AWS IoT Core Publisher for publishing tag values.
To determine the AWS IoT Core endpoint you will need to login to the AWS console and select the AWS IoT service. Select the Domain configurations menu.
If you don't already have a domain name use the Create domain configuration button to create one. You will need to take a note of the Domain name property, which represents your AWS IoT Core broker endpoint.
In the Configure OAS application, select Configure > Drivers from the top menu.
Enter a meaningful Driver Interface Name to give this driver interface instance a unique name (for example AWS IoT Publisher).
Ensure the following parameters are configured:
- Driver: AWS IoT Gateway
- BrokerPort: 8883
- Create Certificate: Select this if running Windows
- Client Certificate File: The device certificate pem.crt file from the previous section
- Client Certificate Key File: The private pem.key file from the previous section
- Server Certificate File: The Root CA pem file from the previous section
- Client ID: OASPublisher
- IoT End Point: This is your AWS Iot Core endpoint from step 2 above
Info
If you are using Linux, you can generate a PFX certificate using OpenSSL.
openssl pkcs12 -export \ -out oas-connection-certificate.pfx \ -inkey 2ed57ff8e30d1a12345f69bc2a8a6b4a1721b123456789912e675cc74111ced7-private.pem.key \ -in 2ed57ff8e30d1a12345f69bc2a8a6b4a1721b123456789912e675cc74111ced7-certificate.pem.crt \ -certfile AmazonRootCA1.pem
You can then use the generated certificate and password in your AWS IoT Gateway driver configuration:
Click the ADD DRIVER button on the left hand side to add this driver configuration. Once added, the driver interface name should appear in the list of drivers.
10 - Publish Selected Tags in AWS IoT Gateway connector
In this step you will select the Tags that you want to publish to the AWS IoT Core broker in the AWS IoT Publisher driver configuration.
In the Configure > Drivers screen, select the AWS IoT Core driver instance that you created in the previous section (for example AWS IoT Core Connection 1).
Make sure the Publish Selected Tags checkbox is ticked.
In the table at the bottom click on the ADD button.
Select the Tag you want to add in the left hand panel and then ensure the Value property is selected. By default the name of the property will be the full Tag path (e.g. TemperatureSensor.Value). If you want to set your own property name, you can change the Id field to your own custom value.
The Tag has now been added to the list. You can add other Tags by repeating steps 3 and 4.
Click on the Apply Changes button.
11 - Verify Messages are Published to AWS IoT Core
In this step you will confirm that OAS is successfully publishing your selected Tags to AWS IoT Core. By default, the publishing type is set to Continuous and the interval is 10 seconds.
Login to the AWS Console and select the AWS IoT service.
Under the Test menu select MQTT test client.
The default topic will be oas_tags. To check that we can receive messages on this topic, provide this topic name in the Topic filter text box and then click on the Subscribe button.
In the Subscriptions section you should see the MQTT payload being published.
Info
The AWS IoT Gateway Publish Selected Tags feature has many different properties that can be configured to change when data is sent, how the payload is structured and which tag parameters are included.
For more information see: Publish Data to AWS IoT Core
12 - Save Changes
Once you have successfully configured your OAS instances, make sure you save your configuration.
On each configuration page, click on the Save button.
If this is the first time you are saving the configuration, or if you are changing the name of the configuration file, OAS will ask you if you want to change the default configuration file.
If you select Yes then OAS will make this configuration file the default and if the OAS service is restarted then this file will be loaded on start-up.
If you select No then OAS will still save your configuration file, but it will not be the default file that is loaded on start-up.
Important
Each configuration screen has an independent configuration file except for the Tags and Drivers configurations, which share the same configuration file. It is still important to click on the Save button whenever you make any changes.
For more information see: Save and Load Configuration
Info
- On Windows the configuration files are stored in C:\ProgramData\OpenAutomationSoftware\ConfigFiles.
- On Linux the configuration files are stored in the ConfigFiles subfolder of the OAS installation path.