Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The provisioningServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/provisioningServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Devices/provisioningServices@2020-09-01-preview' = {
etag: 'string'
identity: {
identityType: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
___location: 'string'
name: 'string'
properties: {
allocationPolicy: 'string'
authorizationPolicies: [
{
keyName: 'string'
primaryKey: 'string'
rights: 'string'
secondaryKey: 'string'
}
]
encryption: {
identity: {
userAssignedIdentity: 'string'
}
keySource: 'string'
keyVaultProperties: [
{
keyIdentifier: 'string'
}
]
}
iotHubs: [
{
allocationWeight: int
applyAllocationPolicy: bool
connectionString: 'string'
___location: 'string'
}
]
ipFilterRules: [
{
action: 'string'
filterName: 'string'
ipMask: 'string'
target: 'string'
}
]
privateEndpointConnections: [
{
properties: {
privateEndpoint: {}
privateLinkServiceConnectionState: {
actionsRequired: 'string'
description: 'string'
status: 'string'
}
}
}
]
provisioningState: 'string'
publicNetworkAccess: 'string'
state: 'string'
}
sku: {
capacity: int
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
ArmIdentity
| Name | Description | Value |
|---|---|---|
| identityType | Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. | string |
| userAssignedIdentities | The set of UserAssigned identities associated with the IoT DPS resource. | ArmIdentityUserAssignedIdentities |
ArmIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
ArmUserIdentity
| Name | Description | Value |
|---|
EncryptionKeyIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentity | The user assigned identity. | string |
EncryptionPropertiesDescription
| Name | Description | Value |
|---|---|---|
| identity | The identity used to access the encryption key in KeyVault. | EncryptionKeyIdentity |
| keySource | The source of the encryption key. Typically, Microsoft.KeyVault | string |
| keyVaultProperties | The properties of the encryption key configured in KeyVault. | KeyVaultKeyProperties[] |
IotDpsPropertiesDescription
| Name | Description | Value |
|---|---|---|
| allocationPolicy | Allocation policy to be used by this provisioning service. | 'GeoLatency' 'Hashed' 'Static' |
| authorizationPolicies | List of authorization keys for a provisioning service. | SharedAccessSignatureAuthorizationRuleAccessRightsDescription[] |
| encryption | The encryption properties for the IoT DPS instance. | EncryptionPropertiesDescription |
| iotHubs | List of IoT hubs associated with this provisioning service. | IotHubDefinitionDescription[] |
| ipFilterRules | The IP filter rules. | IpFilterRule[] |
| privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] |
| provisioningState | The ARM provisioning state of the provisioning service. | string |
| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' |
| state | Current state of the provisioning service. | 'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning' |
IotDpsSkuInfo
| Name | Description | Value |
|---|---|---|
| capacity | The number of units to provision | int |
| name | Sku name. | 'S1' |
IotHubDefinitionDescription
| Name | Description | Value |
|---|---|---|
| allocationWeight | weight to apply for a given iot h. | int |
| applyAllocationPolicy | flag for applying allocationPolicy or not for a given iot hub. | bool |
| connectionString | Connection string of the IoT hub. | string (required) |
| ___location | ARM region of the IoT hub. | string (required) |
IpFilterRule
| Name | Description | Value |
|---|---|---|
| action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) |
| filterName | The name of the IP filter rule. | string (required) |
| ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) |
| target | Target for requests captured by this rule. | 'all' 'deviceApi' 'serviceApi' |
KeyVaultKeyProperties
| Name | Description | Value |
|---|---|---|
| keyIdentifier | The identifier of the key. | string |
Microsoft.Devices/provisioningServices
| Name | Description | Value |
|---|---|---|
| etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string |
| identity | The managed identities for the IotDps instance. | ArmIdentity |
| ___location | The resource ___location. | string (required) |
| name | The resource name | string (required) |
| properties | Service specific properties for a provisioning service | IotDpsPropertiesDescription (required) |
| sku | Sku info for a provisioning Service. | IotDpsSkuInfo (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
PrivateEndpoint
| Name | Description | Value |
|---|
PrivateEndpointConnection
| Name | Description | Value |
|---|---|---|
| properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) |
PrivateEndpointConnectionProperties
| Name | Description | Value |
|---|---|---|
| privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint |
| privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) |
PrivateLinkServiceConnectionState
| Name | Description | Value |
|---|---|---|
| actionsRequired | Actions required for a private endpoint connection | string |
| description | The description for the current state of a private endpoint connection | string (required) |
| status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) |
ResourceTags
| Name | Description | Value |
|---|
SharedAccessSignatureAuthorizationRuleAccessRightsDescription
| Name | Description | Value |
|---|---|---|
| keyName | Name of the key. | string (required) |
| primaryKey | Primary SAS key value. | string |
| rights | Rights that this key has. | 'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required) |
| secondaryKey | Secondary SAS key value. | string |
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Create an IoT Hub Device Provisioning Service | This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together. |
ARM template resource definition
The provisioningServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/provisioningServices resource, add the following JSON to your template.
{
"type": "Microsoft.Devices/provisioningServices",
"apiVersion": "2020-09-01-preview",
"name": "string",
"etag": "string",
"identity": {
"identityType": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"___location": "string",
"properties": {
"allocationPolicy": "string",
"authorizationPolicies": [
{
"keyName": "string",
"primaryKey": "string",
"rights": "string",
"secondaryKey": "string"
}
],
"encryption": {
"identity": {
"userAssignedIdentity": "string"
},
"keySource": "string",
"keyVaultProperties": [
{
"keyIdentifier": "string"
}
]
},
"iotHubs": [
{
"allocationWeight": "int",
"applyAllocationPolicy": "bool",
"connectionString": "string",
"___location": "string"
}
],
"ipFilterRules": [
{
"action": "string",
"filterName": "string",
"ipMask": "string",
"target": "string"
}
],
"privateEndpointConnections": [
{
"properties": {
"privateEndpoint": {
},
"privateLinkServiceConnectionState": {
"actionsRequired": "string",
"description": "string",
"status": "string"
}
}
}
],
"provisioningState": "string",
"publicNetworkAccess": "string",
"state": "string"
},
"sku": {
"capacity": "int",
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
ArmIdentity
| Name | Description | Value |
|---|---|---|
| identityType | Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. | string |
| userAssignedIdentities | The set of UserAssigned identities associated with the IoT DPS resource. | ArmIdentityUserAssignedIdentities |
ArmIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
ArmUserIdentity
| Name | Description | Value |
|---|
EncryptionKeyIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentity | The user assigned identity. | string |
EncryptionPropertiesDescription
| Name | Description | Value |
|---|---|---|
| identity | The identity used to access the encryption key in KeyVault. | EncryptionKeyIdentity |
| keySource | The source of the encryption key. Typically, Microsoft.KeyVault | string |
| keyVaultProperties | The properties of the encryption key configured in KeyVault. | KeyVaultKeyProperties[] |
IotDpsPropertiesDescription
| Name | Description | Value |
|---|---|---|
| allocationPolicy | Allocation policy to be used by this provisioning service. | 'GeoLatency' 'Hashed' 'Static' |
| authorizationPolicies | List of authorization keys for a provisioning service. | SharedAccessSignatureAuthorizationRuleAccessRightsDescription[] |
| encryption | The encryption properties for the IoT DPS instance. | EncryptionPropertiesDescription |
| iotHubs | List of IoT hubs associated with this provisioning service. | IotHubDefinitionDescription[] |
| ipFilterRules | The IP filter rules. | IpFilterRule[] |
| privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] |
| provisioningState | The ARM provisioning state of the provisioning service. | string |
| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' |
| state | Current state of the provisioning service. | 'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning' |
IotDpsSkuInfo
| Name | Description | Value |
|---|---|---|
| capacity | The number of units to provision | int |
| name | Sku name. | 'S1' |
IotHubDefinitionDescription
| Name | Description | Value |
|---|---|---|
| allocationWeight | weight to apply for a given iot h. | int |
| applyAllocationPolicy | flag for applying allocationPolicy or not for a given iot hub. | bool |
| connectionString | Connection string of the IoT hub. | string (required) |
| ___location | ARM region of the IoT hub. | string (required) |
IpFilterRule
| Name | Description | Value |
|---|---|---|
| action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) |
| filterName | The name of the IP filter rule. | string (required) |
| ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) |
| target | Target for requests captured by this rule. | 'all' 'deviceApi' 'serviceApi' |
KeyVaultKeyProperties
| Name | Description | Value |
|---|---|---|
| keyIdentifier | The identifier of the key. | string |
Microsoft.Devices/provisioningServices
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2020-09-01-preview' |
| etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string |
| identity | The managed identities for the IotDps instance. | ArmIdentity |
| ___location | The resource ___location. | string (required) |
| name | The resource name | string (required) |
| properties | Service specific properties for a provisioning service | IotDpsPropertiesDescription (required) |
| sku | Sku info for a provisioning Service. | IotDpsSkuInfo (required) |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Devices/provisioningServices' |
PrivateEndpoint
| Name | Description | Value |
|---|
PrivateEndpointConnection
| Name | Description | Value |
|---|---|---|
| properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) |
PrivateEndpointConnectionProperties
| Name | Description | Value |
|---|---|---|
| privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint |
| privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) |
PrivateLinkServiceConnectionState
| Name | Description | Value |
|---|---|---|
| actionsRequired | Actions required for a private endpoint connection | string |
| description | The description for the current state of a private endpoint connection | string (required) |
| status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) |
ResourceTags
| Name | Description | Value |
|---|
SharedAccessSignatureAuthorizationRuleAccessRightsDescription
| Name | Description | Value |
|---|---|---|
| keyName | Name of the key. | string (required) |
| primaryKey | Primary SAS key value. | string |
| rights | Rights that this key has. | 'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required) |
| secondaryKey | Secondary SAS key value. | string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create an IOT Hub and Ubuntu edge simulator |
This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator. |
| Create an IoT Hub Device Provisioning Service |
This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together. |
Terraform (AzAPI provider) resource definition
The provisioningServices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/provisioningServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Devices/provisioningServices@2020-09-01-preview"
name = "string"
parent_id = "string"
identity {
type = "string"
identity_ids = [
"string"
]
}
___location = "string"
tags = {
{customized property} = "string"
}
body = {
etag = "string"
properties = {
allocationPolicy = "string"
authorizationPolicies = [
{
keyName = "string"
primaryKey = "string"
rights = "string"
secondaryKey = "string"
}
]
encryption = {
identity = {
userAssignedIdentity = "string"
}
keySource = "string"
keyVaultProperties = [
{
keyIdentifier = "string"
}
]
}
iotHubs = [
{
allocationWeight = int
applyAllocationPolicy = bool
connectionString = "string"
___location = "string"
}
]
ipFilterRules = [
{
action = "string"
filterName = "string"
ipMask = "string"
target = "string"
}
]
privateEndpointConnections = [
{
properties = {
privateEndpoint = {
}
privateLinkServiceConnectionState = {
actionsRequired = "string"
description = "string"
status = "string"
}
}
}
]
provisioningState = "string"
publicNetworkAccess = "string"
state = "string"
}
sku = {
capacity = int
name = "string"
}
}
}
Property Values
ArmIdentity
| Name | Description | Value |
|---|---|---|
| identityType | Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. | string |
| userAssignedIdentities | The set of UserAssigned identities associated with the IoT DPS resource. | ArmIdentityUserAssignedIdentities |
ArmIdentityUserAssignedIdentities
| Name | Description | Value |
|---|
ArmUserIdentity
| Name | Description | Value |
|---|
EncryptionKeyIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentity | The user assigned identity. | string |
EncryptionPropertiesDescription
| Name | Description | Value |
|---|---|---|
| identity | The identity used to access the encryption key in KeyVault. | EncryptionKeyIdentity |
| keySource | The source of the encryption key. Typically, Microsoft.KeyVault | string |
| keyVaultProperties | The properties of the encryption key configured in KeyVault. | KeyVaultKeyProperties[] |
IotDpsPropertiesDescription
| Name | Description | Value |
|---|---|---|
| allocationPolicy | Allocation policy to be used by this provisioning service. | 'GeoLatency' 'Hashed' 'Static' |
| authorizationPolicies | List of authorization keys for a provisioning service. | SharedAccessSignatureAuthorizationRuleAccessRightsDescription[] |
| encryption | The encryption properties for the IoT DPS instance. | EncryptionPropertiesDescription |
| iotHubs | List of IoT hubs associated with this provisioning service. | IotHubDefinitionDescription[] |
| ipFilterRules | The IP filter rules. | IpFilterRule[] |
| privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] |
| provisioningState | The ARM provisioning state of the provisioning service. | string |
| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' |
| state | Current state of the provisioning service. | 'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning' |
IotDpsSkuInfo
| Name | Description | Value |
|---|---|---|
| capacity | The number of units to provision | int |
| name | Sku name. | 'S1' |
IotHubDefinitionDescription
| Name | Description | Value |
|---|---|---|
| allocationWeight | weight to apply for a given iot h. | int |
| applyAllocationPolicy | flag for applying allocationPolicy or not for a given iot hub. | bool |
| connectionString | Connection string of the IoT hub. | string (required) |
| ___location | ARM region of the IoT hub. | string (required) |
IpFilterRule
| Name | Description | Value |
|---|---|---|
| action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) |
| filterName | The name of the IP filter rule. | string (required) |
| ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) |
| target | Target for requests captured by this rule. | 'all' 'deviceApi' 'serviceApi' |
KeyVaultKeyProperties
| Name | Description | Value |
|---|---|---|
| keyIdentifier | The identifier of the key. | string |
Microsoft.Devices/provisioningServices
| Name | Description | Value |
|---|---|---|
| etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string |
| identity | The managed identities for the IotDps instance. | ArmIdentity |
| ___location | The resource ___location. | string (required) |
| name | The resource name | string (required) |
| properties | Service specific properties for a provisioning service | IotDpsPropertiesDescription (required) |
| sku | Sku info for a provisioning Service. | IotDpsSkuInfo (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Devices/provisioningServices@2020-09-01-preview" |
PrivateEndpoint
| Name | Description | Value |
|---|
PrivateEndpointConnection
| Name | Description | Value |
|---|---|---|
| properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) |
PrivateEndpointConnectionProperties
| Name | Description | Value |
|---|---|---|
| privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint |
| privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) |
PrivateLinkServiceConnectionState
| Name | Description | Value |
|---|---|---|
| actionsRequired | Actions required for a private endpoint connection | string |
| description | The description for the current state of a private endpoint connection | string (required) |
| status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) |
ResourceTags
| Name | Description | Value |
|---|
SharedAccessSignatureAuthorizationRuleAccessRightsDescription
| Name | Description | Value |
|---|---|---|
| keyName | Name of the key. | string (required) |
| primaryKey | Primary SAS key value. | string |
| rights | Rights that this key has. | 'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required) |
| secondaryKey | Secondary SAS key value. | string |