    MQTT AWS IoT Core Industrial: How to Connect PLCs and Sensors Step by Step

    MQTT AWS IoT Core Industrial Connectivity: Why It Matters Now

    The convergence of operational technology and cloud computing is reshaping how industrial facilities manage data. MQTT AWS IoT Core industrial integration has become one of the most sought-after architectures for engineers who need reliable, scalable, and cost-effective connectivity between plant-floor devices and cloud-based analytics platforms. Whether you are running a Siemens S7-1500 PLC on a production line, a Schneider Electric energy meter in a substation, or a Rockwell Automation ControlLogix system in a discrete manufacturing plant, getting that data into AWS IoT Core unlocks powerful capabilities: real-time dashboards, machine learning inference, predictive maintenance, and enterprise-wide visibility. This guide walks you through the full architecture, the challenges you will encounter, and how to solve them systematically using an IIoT gateway approach.

    Understanding the Protocol Stack: MQTT and AWS IoT Core

    MQTT (Message Queuing Telemetry Transport) is a lightweight publish/subscribe messaging protocol designed for constrained environments and low-bandwidth, high-latency networks. Originally developed by IBM for satellite pipeline monitoring, it has become the de facto standard for IIoT data transport. You can read the full protocol specification at mqtt.org, the official MQTT community resource.

    AWS IoT Core is Amazon Web Services’ fully managed cloud service that allows connected devices to interact securely with cloud applications and other devices. It natively supports MQTT 3.1.1 and MQTT 5.0, making it an ideal target endpoint for industrial data pipelines. AWS IoT Core handles device authentication via X.509 certificates, message routing through a rules engine, and seamless integration with AWS Lambda, S3, DynamoDB, Amazon Timestream, and SageMaker for AI/ML workloads.

    The combination of MQTT AWS IoT Core industrial communication creates a pipeline that is both technically robust and operationally practical — but only when the OT-side connectivity is handled correctly. This is where most projects encounter friction.

    The OT-Side Challenge: Why Industrial Devices Cannot Connect Directly

    Industrial PLCs and field devices were not designed to speak MQTT natively. A Siemens S7-300 communicates over S7 protocol. A Rockwell Automation MicroLogix uses EtherNet/IP. A Modbus RTU sensor on a serial RS-485 bus has no IP stack at all. An ABB AC500 PLC may expose OPC DA or OPC UA endpoints but certainly not an MQTT client with TLS 1.2 and certificate-based authentication — which AWS IoT Core mandates.

    The architectural answer is an IIoT Gateway: a software or hardware layer that sits between the plant floor and the cloud, translating industrial protocols into MQTT and managing the northbound connection to AWS IoT Core. This gateway must handle several critical functions:

    • Protocol translation: Read data from Modbus, S7, EtherNet/IP, OPC UA, BACnet, and other industrial protocols and normalize it into MQTT topics.
    • Data filtering and treatment: Apply deadband, scaling, and engineering unit conversions before publishing to avoid flooding the broker with noise.
    • Security: Manage TLS certificates, private keys, and secure credential storage — none of which a field PLC can do independently.
    • Store and Forward: Buffer data locally when the internet connection is interrupted and retransmit without data loss once connectivity is restored — a non-negotiable requirement in industrial environments where WAN links are not guaranteed.
    • Redundancy: Ensure that a gateway hardware failure does not create a data gap in cloud historical records.

    Step-by-Step Architecture for MQTT AWS IoT Core Industrial Integration

    Step 1 — Inventory Your Field Devices and Protocols

    Begin by documenting every data source on the plant floor. Identify the communication protocol, network address, data rate, and the specific tags or registers you need. For example: a Siemens S7-1500 CPU 1516 with 200 process variables via S7 protocol; a Schneider Electric PowerLogic PM8000 power meter over Modbus TCP; and a legacy ABB VIP AC 500 drive system using the ABB VIP protocol. This inventory directly determines which protocol drivers your IIoT gateway must support.

    Step 2 — Provision Your AWS IoT Core Environment

    In your AWS account, navigate to IoT Core and create a Thing representing your gateway. Download the device certificate, private key, and the Amazon Root CA certificate. Create an IoT Policy that grants your Thing permission to publish on the specific MQTT topics you will use — for example, plant/site-a/line-1/#. Define IoT Rules to route incoming messages to downstream services such as Amazon Timestream for time-series storage or AWS Lambda for event-driven processing. AWS provides detailed documentation on this provisioning process in their AWS IoT Core Getting Started Guide.

    Step 3 — Install and Configure Your IIoT Gateway

    Deploy your IIoT gateway software on an appropriate hardware platform — an industrial PC, an embedded ARM device, or a virtual machine in the OT network. The gateway must reside on the same network segment as your PLCs or have routed access to them. Configure the southbound data acquisition connections: add a Siemens S7 driver pointing to the CPU 1516 IP address, a Modbus TCP driver for the Schneider PM8000, and any other required protocol adapters. Map the tags you identified in Step 1.

    Step 4 — Configure the MQTT Client for AWS IoT Core

    This is where MQTT AWS IoT Core industrial configuration requires precision. In your gateway’s MQTT module, create a new MQTT broker connection with the following parameters:

    • Broker endpoint: Your AWS IoT Core custom endpoint (format: xxxxxxxxxxxxxxx-ats.iot.region.amazonaws.com)
    • Port: 8883 (MQTT over TLS)
    • Client ID: Must match the Thing name registered in AWS IoT Core
    • TLS/SSL: Enabled, with the device certificate (.pem.crt), private key (.pem.key), and Root CA certificate loaded
    • QoS Level: QoS 1 (at least once delivery) is recommended for industrial data to ensure no message is dropped
    • Keep-alive interval: 60 seconds is a safe default for most WAN connections

    Define your MQTT topic structure thoughtfully. A well-designed topic hierarchy such as plant/{site}/{area}/{device}/{tag} makes AWS IoT Rules filtering and downstream routing far more manageable as your deployment scales.

    Step 5 — Enable Store and Forward

    Network interruptions happen in industrial environments — scheduled maintenance windows, WAN link failures, cellular coverage drops in remote sites. Without Store and Forward, every second of connectivity loss is a second of data loss in your AWS cloud historian. Configure your gateway’s Store and Forward buffer to persist MQTT messages locally (typically to disk) during outages. When the connection to AWS IoT Core is re-established, the gateway automatically replays the buffered messages in chronological order, ensuring your time-series data in Amazon Timestream or DynamoDB remains complete and accurate.

    Step 6 — Validate Data Flow and Security

    Use the AWS IoT Core MQTT test client in the AWS Management Console to subscribe to your topic hierarchy and verify that messages are arriving at the expected rate and format. Validate that your JSON payloads contain correct tag names, engineering values, quality flags, and ISO 8601 timestamps. Review CloudWatch metrics to monitor connection stability. From the OT side, confirm that the gateway is correctly polling your Siemens, Rockwell, and Schneider devices and that tag values match the physical process.
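Steps 4 through 6 above, carried into working code as an added example (this is not vNode's or AWS's code). It builds topics in the plant/{site}/{area}/{device}/{tag} hierarchy and rejects segments that contain the MQTT level separator or wildcards, builds and validates the JSON payloads Step 6 tells you to check (tag name, numeric value, quality flag, ISO 8601 UTC timestamp), and implements a SQLite-backed Store and Forward outbox that writes every message to disk before any send attempt, deletes a row only after the QoS 1 publish is acknowledged, and replays the backlog oldest-first once the link returns. The MQTT client is a hypothetical object whose publish(topic, payload, qos) returns True on acknowledgement; FakeClient is a constructed stand-in for it. The 256-byte topic limit is taken from the AWS IoT Core service quotas and should be confirmed for your region.

```python
"""Topic building, payload validation and a disk-backed Store and Forward outbox.
Added example, not vNode's or AWS's code. Assumes topics follow
plant/{site}/{area}/{device}/{tag} and an MQTT client whose publish(topic, payload, qos)
returns True once the broker has acknowledged the QoS 1 PUBLISH (FakeClient stands in for it)."""
import json
import re
import sqlite3
from datetime import datetime, timezone

# A segment may not contain '/' (level separator) or the wildcards '+' and '#'.
_SEGMENT_RE = re.compile(r"^[A-Za-z0-9_.-]+$")
# UTC ISO 8601 timestamp with optional fractional seconds, e.g. 2024-05-01T12:00:00.000Z
_ISO_UTC_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
QUALITY_FLAGS = {"GOOD", "BAD", "UNCERTAIN"}

def build_topic(site, area, device, tag):
    """Return plant/{site}/{area}/{device}/{tag}, rejecting unsafe segments."""
    segments = (site, area, device, tag)
    for seg in segments:
        if not _SEGMENT_RE.match(seg):
            raise ValueError(f"invalid topic segment: {seg!r}")
    topic = "plant/" + "/".join(segments)
    # AWS IoT Core caps topics at 256 bytes of UTF-8 (service quota; confirm for your region).
    if len(topic.encode("utf-8")) > 256:
        raise ValueError("topic exceeds 256 bytes")
    return topic

def build_payload(tag, value, quality="GOOD", ts=None):
    """JSON payload carrying the fields Step 6 says to verify on the cloud side."""
    ts = ts or datetime.now(timezone.utc)
    stamp = ts.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    return json.dumps({"tag": tag, "value": value, "quality": quality, "timestamp": stamp})

def validate_payload(raw):
    """True if raw is JSON with a tag name, numeric value, known quality flag and UTC timestamp."""
    try:
        msg = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return False
    if not isinstance(msg, dict) or isinstance(msg.get("value"), bool):
        return False
    return (isinstance(msg.get("tag"), str) and isinstance(msg.get("value"), (int, float))
            and msg.get("quality") in QUALITY_FLAGS
            and isinstance(msg.get("timestamp"), str) and _ISO_UTC_RE.match(msg["timestamp"]) is not None)

class StoreAndForward:
    """Write-ahead outbox: every message is persisted to SQLite before any send attempt."""

    def __init__(self, path=":memory:"):  # use a file path on the gateway's disk in production
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS outbox (id INTEGER PRIMARY KEY AUTOINCREMENT, "
                        "topic TEXT NOT NULL, payload TEXT NOT NULL)")
        self.db.commit()

    def publish(self, client, topic, payload):
        """Persist first, then try to drain the outbox. Returns the number of messages sent."""
        self.db.execute("INSERT INTO outbox (topic, payload) VALUES (?, ?)", (topic, payload))
        self.db.commit()
        return self.flush(client)

    def flush(self, client):
        """Replay oldest-first; stop at the first failed publish so chronological order holds."""
        sent = 0
        for row_id, topic, payload in self.db.execute("SELECT id, topic, payload FROM outbox ORDER BY id").fetchall():
            if not client.publish(topic, payload, qos=1):
                break  # link still down; the row stays for the next attempt
            self.db.execute("DELETE FROM outbox WHERE id = ?", (row_id,))  # only after the QoS 1 ack
            self.db.commit()
            sent += 1
        return sent

    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]

class FakeClient:
    """Constructed stand-in for the gateway's MQTT client; `online` models the WAN link."""
    def __init__(self):
        self.online, self.received = True, []

    def publish(self, topic, payload, qos):
        if not self.online:
            return False
        self.received.append((topic, payload))
        return True

def demo():
    """Outage scenario: 1 message sent, link drops, 3 buffered, link returns, 3 replayed in order."""
    client, outbox = FakeClient(), StoreAndForward()
    topic = build_topic("site-a", "line-1", "s7-1500", "motor_speed")
    outbox.publish(client, topic, build_payload("motor_speed", 1480.0))
    client.online = False
    for rpm in (1482.5, 1479.0, 1481.2):
        outbox.publish(client, topic, build_payload("motor_speed", rpm))
    backlog = outbox.pending()
    client.online = True
    replayed = outbox.flush(client)
    values = [json.loads(p)["value"] for _, p in client.received]
    return backlog, replayed, values
```

Because QoS 1 is at-least-once, a PUBACK lost during the outage can cause one message to be delivered twice on replay; the timestamp in the payload lets the downstream store (Amazon Timestream, DynamoDB) deduplicate on (topic, timestamp) rather than treating the duplicate as a new sample. Note that AWS IoT Core does not offer QoS 2, so this outbox plus deduplication is how exactly-once semantics are approximated in practice.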

    Security Considerations for MQTT AWS IoT Core Industrial Deployments

    Security in MQTT AWS IoT Core industrial deployments spans both the OT and cloud domains. On the cloud side, AWS IoT Core enforces mutual TLS authentication — both the server and the device must present valid certificates. Never use symmetric key authentication for production industrial deployments. Rotate certificates on a scheduled basis and use AWS IoT Device Defender to detect anomalous behavior.

    On the OT side, the gateway should be deployed in a demilitarized zone (DMZ) between the plant network and the enterprise/internet network, consistent with the ISA/IEC 62443 industrial cybersecurity standard. The gateway’s outbound MQTT connection to AWS IoT Core on port 8883 should be the only permitted egress rule from the OT DMZ to the internet. No inbound connections from the cloud to the plant network should be required or permitted.

    Consider also the sensitivity of the data. Production throughput, energy consumption, and machine performance data can be commercially sensitive. Implement payload encryption at the application level for the most sensitive tags, and use AWS IoT Core’s fine-grained topic policies to enforce least-privilege access between different Things and applications.
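The least-privilege IoT Policy called for in Step 2 and in the paragraph above, as an added example (not vNode's or AWS's code). The region, account ID and topic prefix are constructed placeholders. The policy pins iot:Connect to the client ID that equals the connecting Thing's name through the AWS IoT policy variable ${iot:Connection.Thing.ThingName}, so a single policy can be attached to every gateway certificate while each certificate can only be used under the identity of the Thing it is attached to, and it limits iot:Publish to the plant/site-a/line-1/ subtree. The find_overbroad helper flags the wildcard grants that a console quick-start policy typically carries.

```python
"""Least-privilege AWS IoT Core policy for a gateway Thing, plus a wildcard check.
Added example, not vNode's or AWS's code. REGION, ACCOUNT and TOPIC_PREFIX are
constructed placeholders; substitute your own values."""
import json

REGION = "eu-west-1"          # placeholder
ACCOUNT = "123456789012"      # placeholder account ID (constructed)
TOPIC_PREFIX = "plant/site-a/line-1"
# AWS IoT policy variable, resolved at connect time to the name of the Thing the certificate is attached to.
THING_NAME_VAR = "${iot:Connection.Thing.ThingName}"

def gateway_policy(region=REGION, account=ACCOUNT, topic_prefix=TOPIC_PREFIX):
    """Allow Connect only as the Thing's own client ID and Publish only under topic_prefix."""
    arn = f"arn:aws:iot:{region}:{account}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # The client ID (Step 4) must equal the Thing name, so a certificate can only be
            # used with the identity of the Thing it is attached to.
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{THING_NAME_VAR}"},
            # Publish is scoped to this site's subtree; no Subscribe/Receive is granted because
            # the gateway only pushes telemetry northbound (no inbound commands, see the DMZ rule above).
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": f"{arn}:topic/{topic_prefix}/*"},
        ],
    }

def find_overbroad(policy):
    """Return findings for Allow statements that use wildcard actions or resources."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        for action in actions:
            if action in ("*", "iot:*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for res in resources:
            # '*' alone, or a wildcard directly after the resource type, grants every topic or client ID.
            if res == "*" or res.endswith(":topic/*") or res.endswith(":client/*"):
                findings.append(f"statement {i}: wildcard resource {res!r}")
    return findings

# Constructed example of the kind of policy a quick-start wizard produces.
QUICKSTART_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

def policy_json(policy):
    """Render the document as JSON for `aws iot create-policy --policy-document`."""
    return json.dumps(policy, indent=2)

if __name__ == "__main__":
    print(policy_json(gateway_policy()))
    print("quick-start findings:", find_overbroad(QUICKSTART_POLICY))
```

Attach the policy to the gateway's certificate, and attach the certificate to the Thing; if the certificate is not attached to a Thing, ${iot:Connection.Thing.ThingName} resolves to nothing and the connection is refused, which is the intended fail-closed behaviour. Running find_overbroad over the policies already in an account is a quick way to spot gateways that were onboarded with a quick-start "iot:*" on "*" grant.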

    Scaling the Architecture: Multi-Site and High-Availability Deployments

    A single-plant proof of concept quickly evolves into a multi-site enterprise deployment. In this scenario, each facility — whether running Rockwell Automation ControlLogix systems in North America, Siemens TIA Portal machines in Europe, or ABB robotics cells in Asia — deploys a local IIoT gateway instance. Each gateway connects autonomously to AWS IoT Core under a consistent topic namespace. AWS IoT Core scales to billions of messages per day with no infrastructure management required on your part.

    High availability at the gateway level is equally important. A single gateway node is a single point of failure. A Primary + Backup redundancy architecture ensures that if the primary gateway node fails, the backup automatically assumes all data acquisition and MQTT publishing responsibilities without manual intervention and without data loss, thanks to coordinated Store and Forward buffers.

    How vNode Solves This

    vNode Automation’s IIoT Gateway is purpose-built to address every challenge described in this guide. Here is how vNode makes MQTT AWS IoT Core industrial integration production-ready from day one:

    • Native MQTT Client with Store and Forward: vNode’s MQTT Module includes a fully integrated Store and Forward engine. When the WAN link to AWS IoT Core drops, vNode persists all tag data locally and retransmits it automatically when the connection recovers — guaranteeing zero data loss in your cloud historian, whether that is Amazon Timestream, DynamoDB, or a third-party time-series database.
    • Unlimited Tags, No Licensing Penalty: Unlike competing gateways that charge per tag or per data point, vNode has no tag-based licensing. Connect all 200 variables from your Siemens S7-1500, all 150 registers from your Schneider PowerLogic meter, and all 80 parameters from your ABB drives — without any additional cost. This fundamentally changes the economics of large-scale IIoT deployments.
    • Multi-Protocol Southbound Connectivity: vNode supports Siemens S7 (300/400/1200/1500), Modbus TCP/RTU, EtherNet/IP, OPC UA, OPC DA, BACnet, DNP3, ABB VIP, REST API, and many more — all in a single platform. No separate protocol converter hardware required.
    • AWS IoT Core Ready: vNode’s MQTT Module supports TLS 1.2/1.3, X.509 certificate authentication, configurable QoS levels, and custom topic structures — everything AWS IoT Core requires for secure device onboarding.
    • Built-in Redundancy: vNode’s Redundancy Module provides automatic Primary/Backup failover. If your primary gateway node fails, the backup takes over all MQTT publishing to AWS IoT Core seamlessly, ensuring continuous data flow to your cloud applications, SCADA, MES, and AI/ML platforms.
    • No Programming Required: Configuration is entirely web-based. Add a device, map your tags, configure your MQTT broker connection with the AWS IoT Core endpoint and certificates, and you are publishing data to the cloud in minutes — no scripting, no coding, no specialist integrator required.

    vNode runs on Windows, Linux, and ARM embedded platforms, making it deployable on industrial PCs, Raspberry Pi-class edge devices, or virtualized OT infrastructure. The vNode User Manual provides complete step-by-step configuration instructions for connecting to AWS IoT Core, including certificate import procedures and topic configuration best practices.

    If you are planning a cloud connectivity project — whether a single-site pilot or a global multi-facility rollout — contact the vNode team to discuss your architecture requirements. The combination of MQTT AWS IoT Core industrial protocol expertise and vNode’s zero-data-loss gateway platform is the fastest path from plant-floor data to cloud-powered intelligence.
