How to Transfer Data from OPC UA to AWS IoT Core

How to Transfer Data from OPC UA to AWS IoT Core

Open Automation Software can be used to transfer data from an OPC UA server or device to AWS IoT Core, locally or over a network. This guide walks you through downloading and installing OAS, configuring an OPC UA connector, a tag and an AWS IoT Core publisher, and finally publishing the tag using the AWS IoT Core publisher.

For this guide on how to transfer data from an OPC UA server or device to AWS Iot Core you will need:

  • An AWS account with access to the AWS IoT Core console

ℹ️ For simulation purposes, you will use the OPC UA server available in the OAS platform to access a Tag value. If you already have an OPC UA server or device available, you can also adjust your configuration to suit your own OPC UA server or device.

1 - Download and Install OAS

If you have not already done so, you will need to download and install the OAS platform.

Fully functional trial versions of the software are available for Windows, Windows IoT Core, Linux, Raspberry Pi and Docker on our downloads page.

On Windows, run the downloaded setup.exe file to install the Open Automation Software platform. For a default installation, Agree to the End User License Agreement and then click the Next button on each of the installation steps until it has completed.

If you'd like to customize your installation or learn more, use the following instructions:

The OAS Service Control application will appear when the installation finishes on Windows.

OAS Service Control

Click on each START SERVICE button to start each of the three OAS services.

2 - Configure OAS

Configure OAS is the main application used to configure local and remote OAS instances.

OAS Logo

  1. From your operating system start menu, open the Configure OAS application.

  2. Select the Configure > Tags screen.

    Important

    If this is the first time you have installed OAS, the AdminCreate utility will run when you select a screen in the Configure menu. This will ask you to create a username and password for the admin user. This user will have full permissions in the OAS platform.

    For further information see Getting Started - Security.

  3. If this is the first time you are logging in, you will see the AdminCreate utility. Follow the prompts to set up your admin account. Otherwise, select the Log In menu button and provide the Network Node, username and password.

    Log In Menu

    Log In Dialog

Info

In this guide you will use the Configure OAS application to configure the local Network Node which by default is localhost.

If you have installed OAS on a remote instance you can also connect to the remote instance by setting the relevant IP address or host name in the Network Node field.

3 - Create Security Group and User

When connecting to the local OAS OPC UA server, you need to configure a security group and a user to provide Tag read/write access. You'll need these credentials when creating the OPC UA connector instance later.

ℹ️ You can skip this step if you are connecting to your own third party OPC UA server.

  1. Select Configure > Security from the top menu.

    Configure drivers menu

  2. Provide a Group Name such as OPC UA Access.

    OPC UA security group name

  3. Click on the DISABLE ALL button to disable all access.

    Disable all access button

  4. In the Tags tab, ensure Get Tag Group Names and Get Tag Names is checked. This setting is required when browsing the OPC UA server tag structure once you get to the step of assigning the OPC UA data source to a Tag.

    Allow get tag groups and tag names

  5. In the Read Tags tab, ensure Disable All Tags From Reading is NOT checked.

    Read tags not disabled

  6. In the Write Tags tab, ensure Disable Add Tags From Writing is NOT checked.

    Write tags not disabled

  7. Click on the ADD GROUP button on the left hand side to add this security group configuration. Once added, the security group name should appear in the list of security groups.

    Add security group button

  8. Select Configure > Users from the top menu.

    Configure drivers menu

  9. Provide a User Name such as opcuauser, a password and set the Security Group as OPC UA Access.

    Set username and security group

  10. Click on the ADD USER button on the left hand side to add this user configuration. Once added, the user name should appear in the list of users.

    Add user button

4 - Add Tag for Temperature Simulation

In this section you will create a Tag to represent a Temperature sensor that will then be read from the OAS OPC UA server.

ℹ️ If you have your own third-party OPC UA server where you can simulate a Tag value then you can skip this step.

  1. Select Configure > Tags from the top menu.

    Configure tags menu

  2. Select the root Tags group and click on the ADD TAG button.

    Add tag button

  3. Provide a Tag Name such as TemperatureSensorSimulation and click the OK button.

    Add sim tag to root node dialog

  4. In the Enter Value field enter a value to represent the simulated temperature.

    Temperature value

5 - Configure OPC UA Data Source

In the following steps you will create and configure a OPC UA Connector to connect to the OAS internal OPC UA server on port 58728.

ℹ️ If you want to use your own third-party OPC UA server you can provide the relevant Server URL and security credentials instead of the details provided below.

  1. Select Configure > Drivers from the top menu.

    Configure drivers menu

  2. Enter a meaningful Driver Interface Name to give this driver interface instance a unique name.

  3. Ensure the following parameters are configured:

    • Driver: OPC UA
    • Server Url: opc.tcp://localhost:58728
  4. Click on the BROWSE button to select a Security Profile. Choose the appropriate security profile. For this guide we will choose None:None:Binary.

    OPC UA security profile

  5. Enabled User Security and enter the Username and Password credentials created in the earlier section.

    OPC UA connector configuration

  6. Click on the ADD DRIVER button on the left hand side to add this driver configuration. Once added, the driver interface name should appear in the list of drivers.

    Add OPC UA driver button

6 - Add Data Source Tag

In this section you will create a Tag to represent your data point in the field (for example a temperature sensor). This can then be transferred your desired destination.

  1. Select Configure > Tags from the top menu.

    Configure tags menu

  2. If you want to add a Tag to the root Tags group make sure the Tags node is selected in the tag list and click on the ADD TAG button.

    Add tag button

    If you want to add a Tag to a Tag Group, select the Tag Group first and then click on the ADD TAG button.

    You can also add Tag Groups by using the ADD GROUP button.

  3. Provide a Tag Name such as TemperatureSensor and click the OK button.

    Add tag to root node dialog

7 - Assign OPC UA as Tag Data Source

You will now set the Tag's data source to the OPC UA driver interface that you created previously.

  1. Select the Tag that will source data from the local OPC UA data source.

    Tag

  2. Set the Data Source to OPC UA.

  3. Set the Select Driver Interface drop-down to the OPC UA Connector interface created previously.

  4. Click on the BROWSE button next to the NodeId field. In the BROWSE OPC UA SERVER window you can select the Local node, then select TemperatureSensorSimulation. In the right hand VARIABLE section select - Value. You should see the Node ID is now TemperatureSensorSimulation.Value.

    Click on the OK button to select this Tag.

    Browse OPC UA Server window

  5. Click on the Apply Changes button to apply the changes.

    OPC UA tag configuration

  6. Check that the quality status is Good Quality and the data in the Value field is as expected.

    OPC UA tag quality

  7. If you change the value of the TemperatureSensorSimulation Tag then you should see the same value update in the TemperatureSensor Tag. This means your OPC UA interface is working.

8 - Create Publisher Thing in AWS IoT Core

In this step you will create a Thing in the AWS IoT Core service and the required certificate and policies for publishing tag values to AWS IoT Core. This represents your connection and security settings between OAS and AWS IoT Core.

  1. Login to the AWS Console and select the AWS IoT service.

  2. Under the Manage and All Devices menu select Things.

  3. Click on the Create things button to start the create new things wizard.

  4. Select Create single thing and click on the Next button.

    Create thing policy

  5. Set the Thing name to OAS_Publisher and click on the Next button.

    Create publisher thing

  6. Leave the default option to generate device certificate automatically and click on the Next button.

    Auto generate things

  7. Select the Create policy button. This will open a new browser tab or window.

  8. Set the Policy name to OASPublisherPolicy. The policy will need to allow the iot:Connect and iot:Publish actions. For the purpose of this guide the policy will allow all resources using the * wildcard.

    Create publisher thing policy

    Important

    For security best practices in production systems you should always restrict your policy to the client ID and AWS resource name (ARN) that represents your region, account and topic paths.

  9. Go back to the create thing wizard and select the OASPublisherPolicy. Click on the Create thing button.

  10. You will see a window relating to certificates. Download the device certificate, the public key file, the private key file and one of the Root CA certificates. You should keep these files in a folder with limited permissions. You'll need them when configuring the AWS IoT Core publisher in the OAS platform.

    Download certificates

9 - Configure AWS IoT Core Publisher

In the following steps you will create and configure an AWS IoT Core Publisher for publishing tag values.

  1. To determine the AWS IoT Core endpoint you will need to login to the AWS console and select the AWS IoT service. Select the Domain configurations menu.

  2. If you don't already have a domain name use the Create domain configuration button to create one. You will need to take a note of the Domain name property, which represents your AWS IoT Core broker endpoint.

  3. In the Configure OAS application, select Configure > Drivers from the top menu.

    Configure drivers menu

  4. Enter a meaningful Driver Interface Name to give this driver interface instance a unique name (for example AWS IoT Publisher).

  5. Ensure the following parameters are configured:

    • Driver: AWS IoT Gateway
    • BrokerPort: 8883
    • Create Certificate: Select this if running Windows
    • Client Certificate File: The device certificate pem.crt file from the previous section
    • Client Certificate Key File: The private pem.key file from the previous section
    • Server Certificate File: The Root CA pem file from the previous section
    • Client ID: OASPublisher
    • IoT End Point: This is your AWS Iot Core endpoint from step 2 above

    AWS IoT Gateway publisher connection configuration

    Info

    If you are using Linux, you can generate a PFX certificate using OpenSSL.

    openssl pkcs12 -export \
        -out oas-connection-certificate.pfx \
        -inkey 2ed57ff8e30d1a12345f69bc2a8a6b4a1721b123456789912e675cc74111ced7-private.pem.key \
        -in 2ed57ff8e30d1a12345f69bc2a8a6b4a1721b123456789912e675cc74111ced7-certificate.pem.crt \
        -certfile AmazonRootCA1.pem
    

    You can then use the generated certificate and password in your AWS IoT Gateway driver configuration:

    AWS IoT Gateway connector PFX certificate

  6. Click the ADD DRIVER button on the left hand side to add this driver configuration. Once added, the driver interface name should appear in the list of drivers.

    Add driver button

10 - Publish Selected Tags in AWS IoT Gateway connector

In this step you will select the Tags that you want to publish to the AWS IoT Core broker in the AWS IoT Publisher driver configuration.

  1. In the Configure > Drivers screen, select the AWS IoT Core driver instance that you created in the previous section (for example AWS IoT Core Connection 1).

  2. Make sure the Publish Selected Tags checkbox is ticked.

    Publish selected tags

  3. In the table at the bottom click on the ADD button.

    Publish selected tags ADD button

  4. Select the Tag you want to add in the left hand panel and then ensure the Value property is selected. By default the name of the property will be the full Tag path (e.g. TemperatureSensor.Value). If you want to set your own property name, you can change the Id field to your own custom value.

    Tag browser

  5. The Tag has now been added to the list. You can add other Tags by repeating steps 3 and 4.

    Tag browser

  6. Click on the Apply Changes button.

11 - Verify Messages are Published to AWS IoT Core

In this step you will confirm that OAS is successfully publishing your selected Tags to AWS IoT Core. By default, the publishing type is set to Continuous and the interval is 10 seconds.

  1. Login to the AWS Console and select the AWS IoT service.

  2. Under the Test menu select MQTT test client.

  3. The default topic will be oas_tags. To check that we can receive messages on this topic, provide this topic name in the Topic filter text box and then click on the Subscribe button.

    Subscribe to oas_tags topic

  4. In the Subscriptions section you should see the MQTT payload being published.

    Verify received messages

Info

The AWS IoT Gateway Publish Selected Tags feature has many different properties that can be configured to change when data is sent, how the payload is structured and which tag parameters are included.

For more information see: Publish Data to AWS IoT Core

12 - Save Changes

Once you have successfully configured your OAS instances, make sure you save your configuration.

On each configuration page, click on the Save button.

If this is the first time you are saving the configuration, or if you are changing the name of the configuration file, OAS will ask you if you want to change the default configuration file.

If you select Yes then OAS will make this configuration file the default and if the OAS service is restarted then this file will be loaded on start-up.

If you select No then OAS will still save your configuration file, but it will not be the default file that is loaded on start-up.

Change Default Configuration Files dialog

Important

Each configuration screen has an independent configuration file except for the Tags and Drivers configurations, which share the same configuration file. It is still important to click on the Save button whenever you make any changes.

For more information see: Save and Load Configuration

Info

  • On Windows the configuration files are stored in C:\ProgramData\OpenAutomationSoftware\ConfigFiles.
  • On Linux the configuration files are stored in the ConfigFiles subfolder of the OAS installation path.