Industrial IoT meets AWS Cloud

Ignition AWS IoT Integration: Cloud-Connected Industrial Data

Connect Ignition SCADA to AWS IoT Core for secure, scalable cloud ingestion of industrial data. Route real-time sensor readings to Amazon S3, Lambda, Timestream, and SageMaker using the IoT Rules Engine.

Overview

Ignition AWS IoT integration bridges the gap between on-premise SCADA systems and the AWS cloud ecosystem. By leveraging the MQTT Transmission module, Ignition publishes industrial data directly to AWS IoT Core, enabling centralized monitoring, advanced analytics, and machine learning at scale.

AWS IoT Core acts as a fully managed MQTT broker with built-in device authentication via X.509 certificates. Once data reaches the cloud, the IoT Rules Engine routes messages to downstream services such as Amazon S3 for storage, AWS Lambda for serverless processing, and Amazon Timestream for time-series analytics.

Key Benefits

  • Secure TLS 1.2 connectivity with X.509 certificate authentication
  • Fully managed MQTT broker with automatic scaling
  • IoT Rules Engine for flexible data routing
  • Native integration with 20+ AWS services
  • Device Shadow for offline state synchronization

Ignition AWS IoT Architecture

Data flows from Ignition Gateway through MQTT Transmission to AWS IoT Core, then the Rules Engine distributes messages to storage, compute, and analytics services.

┌──────────────┐     ┌─────────────────┐     ┌───────────────┐
│   Ignition   │     │  MQTT           │     │  AWS IoT      │
│   Gateway    │────▶│  Transmission   │────▶│  Core         │
│              │     │  Module         │     └───────┬───────┘
└──────────────┘     └─────────────────┘             │
                                              ┌──────┴───────┐
                                              │  IoT Rules   │
                                              │  Engine      │
                                              └──────┬───────┘
                                          ┌──────────┼──────────┐
                                     ┌────┴────┐ ┌───┴───┐ ┌───┴────┐
                                     │   S3    │ │Lambda │ │Timestr.│
                                     └─────────┘ └───────┘ └────────┘

Configuration Steps

Step 1: Create an AWS IoT Thing

Register your Ignition gateway as a Thing in AWS IoT Core. This creates a device identity and defines the IoT policy that authorizes MQTT connect, publish, subscribe, and receive operations. The policy is attached to the gateway's certificate in Step 2.

# Create a Thing in AWS IoT Core
aws iot create-thing --thing-name "IgnitionGateway01"

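# Create a permissive IoT policy (it is attached to the certificate in Step 2).
# The wildcard Resource allows these actions on every client ID and topic
# in this account and Region.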
aws iot create-policy --policy-name "IgnitionPolicy" --policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect",
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": "arn:aws:iot:us-east-1:123456789012:*"
    }
  ]
}'
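
The policy above allows all four actions on every resource in the account. A scoped alternative, as an added example that is not part of the original page: it assumes the gateway connects as client ID IgnitionGateway01 and only publishes to the Step 3 topic, and the function names are hypothetical.

```shell
# Added example (not from the original page). Sample values are the page's own.
REGION="us-east-1"
ACCOUNT="123456789012"
THING="IgnitionGateway01"      # also the MQTT client ID from Step 3
TOPIC="ignition/plant01/data"  # publish topic from Step 3

# Emit a policy that allows connecting only under the gateway's own client ID
# and publishing only to its own topic. Subscribe/Receive are left out on the
# assumption that this gateway only transmits data.
scoped_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:${REGION}:${ACCOUNT}:client/${THING}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:${REGION}:${ACCOUNT}:topic/${TOPIC}"
    }
  ]
}
EOF
}

# Read a policy on stdin; succeed if a "Resource" string is "*" or ends in ":*",
# i.e. it is not narrowed to a client/ or topic/ resource.
has_wildcard_resource() {
  grep -Eq '"Resource"[[:space:]]*:[[:space:]]*"([^"]*:)?\*"'
}

# Replace the default version of the existing policy (needs AWS credentials;
# defined here but not called).
apply_scoped_policy() {
  aws iot create-policy-version --policy-name "IgnitionPolicy" \
    --policy-document "$(scoped_policy)" --set-as-default
}

# Gate a rollout on the check: refuse anything that is still wide open.
if scoped_policy | has_wildcard_resource; then
  echo "refusing: policy contains a wildcard resource" >&2
else
  echo "policy is scoped to client/${THING} and topic/${TOPIC}"
fi
```

If the gateway also has to receive commands, add iot:Subscribe on the specific topicfilter/ resource and iot:Receive on the matching topic/ resource rather than restoring the wildcard.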

Step 2: Generate and Configure Certificates

AWS IoT Core requires mutual TLS authentication with X.509 certificates. Generate a certificate and key pair, attach the policy, and download the Amazon Root CA for server verification.

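# Create keys and certificate. The JSON output includes the certificateArn
# used as --target and --principal below. This is the only time AWS IoT
# returns the private key, so keep ignition-private.key protected.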
aws iot create-keys-and-certificate \
  --set-as-active \
  --certificate-pem-outfile "ignition-cert.pem" \
  --public-key-outfile "ignition-public.key" \
  --private-key-outfile "ignition-private.key"

# Attach the policy to the certificate
aws iot attach-policy \
  --policy-name "IgnitionPolicy" \
  --target "arn:aws:iot:us-east-1:123456789012:cert/<certificate-id>"

# Attach the certificate to the Thing
aws iot attach-thing-principal \
  --thing-name "IgnitionGateway01" \
  --principal "arn:aws:iot:us-east-1:123456789012:cert/<certificate-id>"

# Download Amazon Root CA
curl -o AmazonRootCA1.pem \
  https://www.amazontrust.com/repository/AmazonRootCA1.pem

Step 3: Configure the MQTT Transmission Module

In the Ignition Gateway web interface, configure the MQTT Transmission module to connect to your AWS IoT Core endpoint using the certificates generated in the previous step.

# MQTT Transmission Module Settings (Ignition Gateway Config)
# ─────────────────────────────────────────────────────────────
# Server URL:    ssl://<your-iot-endpoint>-ats.iot.us-east-1.amazonaws.com:8883
# Client ID:     IgnitionGateway01
# CA Certificate: AmazonRootCA1.pem
# Client Cert:   ignition-cert.pem
# Private Key:   ignition-private.key
# Topic:         ignition/plant01/data
# QoS:           1 (At least once)
# Keep Alive:    60 seconds

# Verify your endpoint
aws iot describe-endpoint --endpoint-type iot:Data-ATS
# Returns an endpointAddress of the form "<account-specific-prefix>-ats.iot.<region>.amazonaws.com"

Step 4: Create IoT Rules for Data Routing

Define AWS IoT Rules that filter and route incoming MQTT messages to downstream services. Use SQL-like syntax to select specific data fields and trigger actions in S3, Lambda, or Timestream.

# Create an IoT Rule to route data to Timestream
aws iot create-topic-rule --rule-name "IgnitionToTimestream" \
  --topic-rule-payload '{
    "sql": "SELECT temperature, pressure, flow_rate, timestamp() AS time FROM '\''ignition/plant01/data'\''",
    "actions": [
      {
        "timestream": {
          "roleArn": "arn:aws:iam::123456789012:role/IoTTimestreamRole",
          "databaseName": "IndustrialDB",
          "tableName": "SensorReadings",
          "dimensions": [
            { "name": "plant", "value": "plant01" },
            { "name": "gateway", "value": "IgnitionGateway01" }
          ]
        }
      },
      {
        "s3": {
          "roleArn": "arn:aws:iam::123456789012:role/IoTS3Role",
          "bucketName": "ignition-raw-data",
          "key": "plant01/${topic()}/${timestamp()}.json"
        }
      }
    ]
  }'
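
The rule above assumes two IAM roles that the page does not define. One way to scope them to exactly what the rule writes, as an added example that is not part of the original page: role, database, table and bucket names are the page's, while the function names and inline policy names are hypothetical.

```shell
# Added example (not from the original page); account and Region are the page's sample values.
REGION="us-east-1"; ACCOUNT="123456789012"

# Trust policy for both roles: only AWS IoT, acting for this account, may assume them.
iot_trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "iot.amazonaws.com" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "aws:SourceAccount": "${ACCOUNT}" } }
  }]
}
EOF
}

# IoTTimestreamRole: write records to the one table named in the rule.
timestream_permissions() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "timestream:WriteRecords",
      "Resource": "arn:aws:timestream:${REGION}:${ACCOUNT}:database/IndustrialDB/table/SensorReadings" },
    { "Effect": "Allow", "Action": "timestream:DescribeEndpoints", "Resource": "*" }
  ]
}
EOF
}

# IoTS3Role: PutObject only, and only under the key prefix the rule writes to.
s3_permissions() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::ignition-raw-data/plant01/*" }
  ]
}
EOF
}

# Needs AWS credentials; defined here but not called.
# Usage: create_rule_role IoTS3Role PutPlant01Objects "$(s3_permissions)"
create_rule_role() {
  aws iam create-role --role-name "$1" --assume-role-policy-document "$(iot_trust_policy)"
  aws iam put-role-policy --role-name "$1" --policy-name "$2" --policy-document "$3"
}
```

Keeping the two roles separate means neither action's credentials can write to the other's data store.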

Key Features

Secure TLS Communication

All data transmitted between Ignition and AWS IoT Core is encrypted using TLS 1.2 with mutual X.509 certificate authentication, ensuring end-to-end security for industrial data in transit.

IoT Rules Engine

AWS IoT Rules Engine evaluates incoming MQTT messages using SQL-like queries and routes data to over 20 AWS services including Lambda, S3, Timestream, SNS, and SQS without writing any code.

Device Shadow / Digital Twin

AWS IoT Device Shadows maintain a virtual representation of your Ignition gateway state, enabling applications to read and write device state even when the gateway is temporarily offline.

Scalable Cloud Storage

Route industrial data to Amazon S3 for cost-effective long-term storage and Amazon Timestream for high-performance time-series queries, scaling automatically from thousands to billions of data points.

Use Cases

Energy & Utilities

Remote Asset Monitoring

Monitor geographically distributed industrial assets from a centralized AWS dashboard. Ignition Edge gateways at each site publish sensor data to AWS IoT Core, enabling real-time visibility and alerting across all locations without VPN infrastructure.

Manufacturing

Predictive Maintenance with SageMaker

Stream vibration, temperature, and operational data from Ignition to AWS IoT Core, then route it to Amazon SageMaker for machine learning model training and inference. Detect equipment anomalies before failures occur and reduce unplanned downtime by up to 50%.

Food & Beverage

Multi-Site Cloud Analytics

Aggregate production data from multiple Ignition gateways into Amazon Timestream and visualize cross-plant KPIs using Amazon QuickSight. Compare OEE, energy consumption, and quality metrics across facilities for continuous improvement initiatives.

Technologies

AWS IoT Core

Fully managed MQTT broker service that securely connects IoT devices to the AWS cloud and scales automatically to support billions of messages.

MQTT Transmission

Cirrus Link module for Ignition that publishes tag data via MQTT protocol, supporting Sparkplug B encoding and custom topic structures.

AWS Lambda

Serverless compute service that runs code in response to IoT events, enabling real-time data transformation, enrichment, and alert generation without managing servers.

Amazon S3

Highly durable object storage for raw industrial data archiving, data lake construction, and long-term retention with configurable lifecycle policies.

Amazon Timestream

Purpose-built time-series database that handles trillions of daily events with built-in analytics functions, ideal for industrial sensor data queries and dashboarding.

Frequently Asked Questions

Find answers to common questions about this integration.

The Cirrus Link MQTT Transmission module is required to publish data from Ignition to AWS IoT Core. For receiving cloud commands, the MQTT Engine module is also recommended. Both modules support TLS 1.2 and X.509 certificate authentication required by AWS IoT Core.
AWS IoT Core pricing is based on connectivity (per million minutes), messaging (per million messages), and rules engine triggers. Typical industrial deployments sending data every second cost approximately $10-50/month per gateway. The MQTT Transmission module requires a separate license from Cirrus Link.
Yes, the MQTT Transmission module supports Sparkplug B encoding natively. However, AWS IoT Core processes Sparkplug B messages as binary payloads. You can use AWS Lambda to decode Sparkplug B protobuf messages, or configure MQTT Transmission to publish in JSON format for direct processing by the IoT Rules Engine.
Yes, the integration includes multiple reliability mechanisms. MQTT QoS 1 ensures at-least-once delivery, the MQTT Transmission module provides store-and-forward buffering during network outages, and AWS IoT Core offers 99.9% availability SLA. For mission-critical data, configure local historian storage in Ignition as a fallback.
