AWS for Manufacturing & Industrial IoT

Why Manufacturing Is Moving to AWS

Modern manufacturing faces a unique challenge: decades of operational technology (OT) infrastructure — PLCs, SCADA systems, DCS controllers, industrial historians — that was designed for isolation, not connectivity. At the same time, competitive pressure demands real-time visibility into equipment performance, predictive maintenance to eliminate unplanned downtime, and supply chain intelligence that only cloud-scale analytics can deliver.

AWS is the leading cloud platform for Industrial IoT and smart manufacturing. The platform combines:

• AWS IoT Core — Managed MQTT/HTTPS broker that securely connects industrial devices at scale, handling billions of messages per month without servers to manage
• AWS IoT Greengrass v2 — Edge runtime that runs AWS Lambda components, ML inference, and data processing directly on factory-floor gateways — enabling real-time responses even when connectivity to AWS is interrupted
• Amazon Kinesis Data Streams — Real-time ingestion and processing of high-volume machine telemetry streams
• Amazon Data Firehose — Streaming delivery of telemetry data to S3 data lakes for archival and batch analytics (the service formerly known as Kinesis Data Firehose)
• AWS IoT SiteWise — Purpose-built service for collecting, organizing, and analyzing industrial equipment data with built-in asset modeling, OPC-UA connectivity, and native anomaly detection
• Amazon Managed Service for Apache Flink — Real-time stream processing for complex event detection, time-windowed aggregations, and stateful telemetry analytics

OT/IT Convergence Architecture

The central challenge in manufacturing cloud adoption is safely bridging OT networks (which operate production equipment) and IT networks (which connect business systems) without exposing critical industrial control systems to unnecessary risk.

Reference Architecture

Factory Floor (OT Network — ISA-95 Levels 0-2)
├── PLCs / DCS Controllers
├── SCADA Systems
├── Industrial Sensors (vibration, temperature, pressure)
└── OPC-UA / Modbus / MQTT industrial protocols
         ↓ (Purdue Model DMZ / Industrial Firewall)
Edge Layer (ISA-95 Level 2-3)
├── AWS IoT Greengrass Gateway
│   ├── Protocol translation (OPC-UA → MQTT)
│   ├── Local ML inference (anomaly detection)
│   ├── Edge buffering (offline-first design)
│   └── Secure tunnel for remote maintenance
         ↓ (TLS 1.3, certificate-based auth)
AWS Cloud (IT Network)
├── AWS IoT Core (device connectivity + shadow state)
├── Amazon Kinesis Data Streams (real-time telemetry ingestion)
├── Amazon Data Firehose (streaming delivery to S3 data lake)
├── Amazon Managed Service for Apache Flink (real-time analytics)
├── IoT SiteWise (asset modeling + time-series storage)
├── S3 Data Lake (raw + processed telemetry archive)
├── AWS Glue + Athena (ETL + ad-hoc analytics)
└── Amazon QuickSight (OEE dashboards + alerts)

This architecture follows the Purdue Enterprise Reference Architecture (PERA) model — maintaining clear separation between OT and IT layers while enabling controlled data flow upward from the factory floor to cloud analytics.

Greengrass Edge Design Principles

AWS IoT Greengrass gateways are the critical junction point between factory floor and cloud. Production-grade deployments require:

• Offline-first operation — Factory equipment cannot wait for cloud connectivity. Greengrass runs inference and buffering locally, syncing to AWS when connectivity is available
• Deterministic failsafe — Edge logic must fail safe: if the gateway fails, production equipment continues operating in its last known state, not an undefined state
• Protocol translation at the edge — Industrial protocols (OPC-UA, Modbus, PROFINET) are translated to MQTT at the edge gateway, not in the cloud
• Over-the-air updates — AWS IoT Greengrass supports OTA deployment of updated Lambda functions and ML models to gateways across multiple sites

Predictive Maintenance Use Cases

Unplanned downtime costs discrete manufacturers an average of $260,000 per hour (Aberdeen Research). Predictive maintenance on AWS directly attacks this cost by detecting equipment anomalies before they become failures.

Motor and Rotating Equipment

Vibration analysis is the most mature predictive maintenance signal for motors, pumps, compressors, and fans. AWS IoT SiteWise native anomaly detection can detect:

• Bearing defects — Vibration frequency patterns that indicate early bearing wear (typically detectable 3-6 weeks before failure)
• Imbalance and misalignment — Amplitude changes at running speed harmonics
• Rotor bar defects (for induction motors) — Sideband frequencies around line frequency
• Lubrication issues — High-frequency vibration signals that indicate lack of lubrication

Vibration Sensor → Greengrass v2 (FFT processing at edge)
                → Amazon Kinesis Data Streams
                → IoT SiteWise (asset modeling + native anomaly detection)
                → SNS Alert → CMMS Work Order Creation

Thermal and Process Equipment

For furnaces, heat exchangers, boilers, and process vessels, thermal and pressure sensor fusion enables:

• Hot spot detection — IR camera integration with Rekognition for automated hotspot identification in thermal images
• Fouling detection — Heat exchanger performance degradation from fouling is detectable through thermal efficiency trending before manual inspection would identify it
• Pressure cycling fatigue — Pressure vessel fatigue estimation using cycle counting on pressure historian data

CNC and Machining Equipment

Spindle current signature analysis and servo motor feedback monitoring enables:

• Tool wear prediction — Cutting force estimation from spindle load trends predicts tool life remaining
• Chatter detection — Vibration pattern recognition distinguishes normal cutting from chatter conditions that damage workpiece quality
• Coolant flow monitoring — Pressure and flow rate monitoring detects blockages before they cause thermal damage

Overall Equipment Effectiveness (OEE) Analytics

OEE is the primary KPI for manufacturing operations: OEE = Availability × Performance × Quality. AWS provides the infrastructure to calculate and visualize OEE in real time across multiple lines and sites.

Real-Time OEE Dashboard Architecture

PLC/SCADA → IoT Core → IoT SiteWise → Amazon Managed Service for Apache Flink:
    ├── Availability: Planned uptime vs. actual uptime (downtime categorization)
    ├── Performance: Actual cycle time vs. ideal cycle time
    └── Quality: Good units vs. total units produced
                          ↓
              Amazon QuickSight (live OEE dashboards)
              ↓
              SNS/Pinpoint alerts for OEE drops below threshold

Key design decisions:

• Event-driven downtime capture — Integrate with machine fault codes in real time rather than relying on manual operator entry. PLC fault registers push to IoT Core on state change.
• Shift and product context — OEE calculations require context: which shift, which product, what the scheduled run time was. IoT SiteWise asset models capture this context alongside machine telemetry.
• Pareto analysis — QuickSight dashboards that surface the top 3 downtime reasons per line, per shift, drive the 80/20 improvement focus that makes OEE programs effective.

Visualization note: AWS IoT SiteWise Monitor is in maintenance mode. For new industrial dashboard deployments, build on Amazon Managed Grafana or Amazon QuickSight — existing SiteWise Monitor instances continue to operate, but new visualization projects should target Managed Grafana per current AWS guidance.

Compliance: IEC 62443 and NIST CSF for OT

Industrial control systems operate under different compliance frameworks than IT systems. The two most relevant for AWS-connected manufacturing environments are:

IEC 62443 (Industrial Cybersecurity)

IEC 62443 defines a risk-based security framework for industrial automation and control systems (IACS). Key requirements for AWS-connected manufacturing:

• Zone and conduit model — Define security zones (OT network segments) and conduits (communications paths between zones). AWS IoT Greengrass gateways sit in the conduit between OT and IT zones.
• Security levels (SL 1-4) — Most manufacturing environments target SL 2 (protection against intentional violation using simple means). AWS IoT provides the authentication, encryption, and access control required for SL 2 conduit classification.
• Component patching — IEC 62443-2-3 requires patch management programs. AWS IoT Greengrass OTA updates and AWS Systems Manager for connected servers provide the mechanism.

NIST CSF for OT Environments

NIST Cybersecurity Framework (CSF) applied to OT environments on AWS:

• Identify — AWS Config + IoT Device Defender for asset inventory of connected devices and their security posture
• Protect — VPC network segmentation isolating OT data from corporate IT; KMS encryption for data in transit and at rest; IAM role-based access for factory system integrations
• Detect — IoT Device Defender anomaly detection identifies unusual device behavior (e.g., a sensor sending data at 100x normal frequency — potential sign of compromise or firmware issue)
• Respond — AWS IoT Device Management allows remote isolation of a compromised device without on-site intervention
• Recover — IoT SiteWise data lake in S3 enables full replay of historical telemetry for incident investigation and recovery validation

Energy and Sustainability Analytics

AWS manufacturing customers are using IoT data infrastructure to meet sustainability mandates:

• Energy consumption attribution — Submeter electricity, gas, and compressed air consumption per machine and line using IoT sensors. Athena queries attribute energy cost to each production order.
• Carbon intensity tracking — Combine production output with energy mix data (eGRID factors or real-time utility APIs) to calculate Scope 2 emissions per unit produced — data required for CDP and GHG Protocol reporting.
• Demand response — Integrate with utility demand response programs. QuickSight dashboards identify which non-critical equipment can be load-shifted during peak pricing windows.

Where to Start with Manufacturing on AWS

Most manufacturers begin with a single-line proof of concept: Greengrass gateways, 10–20 sensors, and a real-time OEE dashboard. The 8–12 week scope validates the architecture, builds internal capability, and produces measurable downtime and quality wins.

The expansion path is straightforward — the same Greengrass + IoT Core + SiteWise architecture scales to hundreds of lines across multiple facilities without re-architecture. Whether you are launching a first IoT pipeline or modernizing an existing MES/historian on AWS, our team brings the OT/IT integration experience to deliver outcomes without disrupting production.