---
title: Manufacturing Industrial IoT on AWS (2026): OPC-UA, SiteWise, and OEE Reference Architecture
description: For discrete manufacturing (~850 OPC-UA tags, 12 lines), Greengrass + IoT SiteWise anomaly detection moved OEE from 61% to 74% in 90 days — unplanned downtime −18% without replacing MES.
url: https://www.factualminds.com/blog/aws-manufacturing-industrial-iot-reference-architecture-2026/
datePublished: 2026-07-05T00:00:00.000Z
dateModified: 2026-07-05T00:00:00.000Z
author: palaniappan-p
category: Cloud Architecture
tags: aws, iot, manufacturing, iot-sitewise, greengrass, oee, industrial-iot, architecture
---

# Manufacturing Industrial IoT on AWS (2026): OPC-UA, SiteWise, and OEE Reference Architecture

> For discrete manufacturing (~850 OPC-UA tags, 12 lines), Greengrass + IoT SiteWise anomaly detection moved OEE from 61% to 74% in 90 days — unplanned downtime −18% without replacing MES.

**AWS IoT SiteWise** shipped **native multivariate anomaly detection** in **July 2025** ([AWS announcement](https://aws.amazon.com/about-aws/whats-new/2025/07/aws-iot-sitewise-multivariate-anomaly-detection/)) — up to **300 sensors per model**, available in **US East (N. Virginia)**, **Europe (Ireland)**, and **Asia Pacific (Sydney)**. **September 2025** updates added **automated model retraining** (30-day to 1-year schedules) and manual vs automatic model promotion ([What's New](https://aws.amazon.com/about-aws/whats-new/2025/09/aws-iot-sitewise-retraining-anomaly-detection-models/)). **IoT Greengrass v2** remains the standard edge host for **SiteWise Gateway** OPC-UA collectors ([Edge to Twin blog pattern](https://aws.amazon.com/blogs/iot/edge-to-twin-a-scalable-edge-to-cloud-architecture-for-digital-twins/)).

This post is the **manufacturing industrial IoT reference architecture** — plant floor to OEE dashboard. It is **not** [logistics / supply chain](/blog/aws-logistics-supply-chain-reference-architecture-2026/), **not** [generic IoT patterns](/blog/aws-iot-solutions-architecture-guide/), **not** [consumer connected devices](/blog/aws-iot-core-mqtt-industrial-workloads/) alone, and **not** a [TwinMaker product tour](/blog/aws-iot-twinmaker-digital-twin-manufacturing/) — though TwinMaker appears in tier 3.

Artifacts: [architecture decision matrix](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/architecture-decision-matrix.md), [OEE KPI baseline CSV](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/oee-kpi-baseline.csv).

> **Benchmark pattern (not a cited client)** — **Discrete manufacturing**, **~850 OPC-UA tags**, **12 production lines**, legacy MES (batch export), **OEE 61%**, **unplanned downtime 11.2%** of scheduled hours. Phase 1: **Greengrass + SiteWise Gateway** on **4** lines (**ingest latency 8 min → 45 sec**). Phase 2: SiteWise **anomaly detection** on **6** rotating assets (**OEE 61% → 74%** in **90 days**; **unplanned downtime −18%**). MES unchanged.

## Three tiers — plant floor to boardroom

| Tier                   | Question                       | Default AWS path                                         |
| ---------------------- | ------------------------------ | -------------------------------------------------------- |
| **Edge ingest**        | Can PLCs talk safely to cloud? | **Greengrass v2** + SiteWise Gateway (OPC-UA)            |
| **Asset intelligence** | What is OEE by line/shift?     | **IoT SiteWise** models + metrics                        |
| **Predictive**         | Which assets fail next?        | SiteWise **anomaly detection**                           |
| **Visualize**          | Who consumes insights?         | **QuickSight** (defer **TwinMaker** until tier 2 stable) |

**Opinionated take:** **Fix tag taxonomy before TwinMaker.** Teams that buy 3D twins before OEE baselines rebuild dashboards twice.

## Reference architecture

```
PLC / OPC-UA ──► Greengrass + SiteWise Gateway ──► IoT SiteWise (cloud)
                              │                           │
                              │                           ├── Asset models / OEE metrics
                              │                           ├── Anomaly detection (multivariate)
                              │                           └── Export → S3
                              │
MES (batch) ──► S3 landing ──► Glue (optional) ──► QuickSight dashboards
                              │
                              └──► EventBridge ──► Lambda (maintenance tickets)
```

### Edge layer — Greengrass + OPC-UA

Deploy **SiteWise Gateway** as a Greengrass v2 component per line or cell:

- Buffer telemetry during WAN blips (store-and-forward)
- Keep OPC-UA traffic off corporate IT VLAN — **DMZ** pattern per [OT/IT convergence](/blog/ot-it-convergence-aws-architecture-patterns/)
- Certificate lifecycle is the **#1 ops task** — alarm **30 days** before expiry

### Cloud layer — SiteWise

- Model assets to match **physical hierarchy** (plant → line → machine → sensor)
- Map OPC-UA nodes in [oee-kpi-baseline.csv](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/oee-kpi-baseline.csv)
- Enable **disassociated data ingestion** if streams appear missing after gateway sync ([SiteWise settings](https://aws.amazon.com/blogs/iot/edge-to-twin-a-scalable-edge-to-cloud-architecture-for-digital-twins/))

### Anomaly detection — when it earns ROI

Per [SiteWise pricing](https://aws.amazon.com/iot-sitewise/pricing/):

- Training: minimum **1 hour** billed, prorated per minute
- Up to **300 sensors** per model
- High-frequency inference (5–60 min schedules) vs low-frequency count-based options

Target **rotating equipment** (motors, pumps, compressors) with continuous signals — not discrete reject counts alone.

> **What broke** — Week 6 pilot. **3 lines** showed flat OEE while operators reported running status. Root cause: **OPC-UA client certs expired** on two Greengrass cores; third line had wrong namespace prefix. **Detection:** SiteWise **LastUpdateTime** alarm. **Fix:** cert rotation runbook + standardized `ns=2;s=` prefix in tag catalog. **OEE dashboards recovered within 4 hours** of cert redeploy.

## OEE — measure before models

| Component        | Formula (simplified)                 | SiteWise source                |
| ---------------- | ------------------------------------ | ------------------------------ |
| **Availability** | Run time / planned production time   | Running BOOL + downtime events |
| **Performance**  | Ideal cycle time / actual cycle time | Cycle time + speed sensors     |
| **Quality**      | Good units / total units             | Reject count + vision systems  |

Baseline every tag in [oee-kpi-baseline.csv](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/oee-kpi-baseline.csv) before enabling anomaly models.

## When NOT to escalate

| Situation                  | Stay lighter                                                                            |
| -------------------------- | --------------------------------------------------------------------------------------- |
| &lt; 50 tags, one line     | IoT Core → Timestream                                                                   |
| No OT/network segmentation | Fix VLAN before cloud                                                                   |
| Logistics / fleet KPIs     | [Logistics architecture](/blog/aws-logistics-supply-chain-reference-architecture-2026/) |
| MES replacement project    | SiteWise complements; does not replace MES execution                                    |

## What to Do This Week

1. Export OPC-UA tag list — fill [oee-kpi-baseline.csv](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/oee-kpi-baseline.csv).
2. Run [decision matrix](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/architecture-decision-matrix.md) — SiteWise vs custom lake.
3. Pilot **one line** with Greengrass + SiteWise Gateway before plant-wide rollout.
4. Set cert expiry alarms on every gateway core.
5. Defer TwinMaker until QuickSight OEE dashboard has **weekly active users**.

> **Reproduce this** — Download [oee-kpi-baseline.csv](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/oee-kpi-baseline.csv). Mark `anomaly_model_eligible=yes` only for assets with **≥30 days** continuous history. Walk [architecture-decision-matrix.md](https://www.factualminds.com/examples/architecture-blog-2026/manufacturing-industrial-iot/architecture-decision-matrix.md) section 4 before enabling SiteWise training.

## What This Post Doesn't Cover

- **Warehouse / WMS / TMS logistics** — [logistics reference architecture](/blog/aws-logistics-supply-chain-reference-architecture-2026/)
- **Full MES replacement** — vendor domain
- **Robotics / AMR fleet** — separate integration patterns
- **HIPAA / FDA validation** — [healthcare hub](/industries/aws-healthcare/) for regulated subsectors

We have not benchmarked SiteWise anomaly **training cost** for every asset class — run a one-line pilot and read billed training hours before plant-wide model rollout.

**Related:** [Manufacturing industry hub](/industries/aws-manufacturing/) · [Data analytics services](/services/aws-data-analytics/) · [Managed services](/services/aws-managed-services/)

## FAQ

### When should we use IoT SiteWise vs a custom S3 data lake for manufacturing telemetry?
Use SiteWise when you need asset hierarchy, OEE calculations, and native anomaly detection across hundreds of tags with operational models. Build IoT Core → S3 → Athena when you have under ~100 tags, one line, and batch reporting suffices — SiteWise model overhead is not justified.

### When should we NOT deploy IoT TwinMaker on day one?
Skip TwinMaker until OEE baselines exist and stakeholders consume QuickSight dashboards. TwinMaker adds 3D workspace and entity modeling cost without fixing bad tag naming or missing edge buffering.

### What breaks when OPC-UA certificates expire at scale?
Greengrass gateways stop ingest silently while cloud dashboards show stale last-known values. Symptom: OEE flatlines on multiple lines simultaneously. Fix: cert expiry alarms 30 days ahead, automated rotation runbook, spare gateway config in S3.

### How does this differ from logistics supply chain architecture?
Logistics focuses on shipment movement, TMS/telematics, and OTIF. Manufacturing focuses on plant-floor OPC-UA, OEE, and predictive maintenance on rotating equipment — different KPIs and edge patterns.

### When should we NOT enable SiteWise anomaly detection?
Skip when you have less than ~30 days of clean multivariate history, failure modes are discrete events without sensor precursors, or fewer than 20 relevant sensors per asset model — use threshold alarms first.

### What could go wrong merging OT and IT networks too early?
Flat VLAN exposes PLCs to IT malware scan traffic; production stops. Mitigate with IEC 62443-aligned segmentation, IoT Greengrass on DMZ, and no inbound from corporate Wi-Fi to OPC-UA ports — see OT/IT convergence post.

---

*Source: https://www.factualminds.com/blog/aws-manufacturing-industrial-iot-reference-architecture-2026/*
