az iot ops identity

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az iot ops identity command. Learn more about extensions.

Instance identity management.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az iot ops identity assign | Assign a user-assigned managed identity to the instance. | Extension | GA |
| az iot ops identity remove | Remove a user-assigned managed identity from the instance. | Extension | GA |
| az iot ops identity show | Show the instance identities. | Extension | GA |

az iot ops identity assign

Assign a user-assigned managed identity to the instance.

This operation includes federation of the identity for the applicable purpose.

When --usage 'schema' is present, by default, a role assignment of the identity against the instance schema registry will be made if the expected role does not already exist.

az iot ops identity assign --mi-user-assigned
                           --name
                           --resource-group
                           [--custom-sr-role-id]
                           [--fc]
                           [--self-hosted-issuer {false, true}]
                           [--skip-sr-ra {false, true}]
                           [--usage {dataflow, schema}]

Examples

Assign and federate a desired user-assigned managed identity for use with dataflows.

az iot ops identity assign --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID

Assign and federate a desired user-assigned managed identity for use with schema registry.

az iot ops identity assign --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID --usage schema

Assign and federate a desired user-assigned managed identity for use with schema registry with a custom role to be used for the identity role assignment.

az iot ops identity assign --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID --usage schema --custom-sr-role-id $CUSTOM_ROLE_ID

Assign and federate a desired user-assigned managed identity for use with schema registry but skip the role assignment step of the operation.

az iot ops identity assign --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID --usage schema --skip-sr-ra
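The parameter constraints documented under Optional Parameters (--custom-sr-role-id and --skip-sr-ra apply only with --usage schema, and the role ID must be fully qualified) can be checked before the command runs. The shell function below is an added example, not part of the Azure CLI or this reference. Its function names, the managed identity resource ID pattern, the assumption that subscription and role IDs are GUIDs, and the rule rejecting a custom role combined with a skipped assignment are assumptions made here.

```shell
# Added example: pre-flight validation of `az iot ops identity assign` arguments.
# Function names and ID patterns are assumptions; nothing here calls az.

GUID='[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}'
# Format documented for --custom-sr-role-id (IDs assumed to be GUIDs).
ROLE_RE="^/subscriptions/${GUID}/providers/Microsoft\.Authorization/roleDefinitions/${GUID}\$"
# Assumed ARM resource ID shape for a user-assigned managed identity.
UAMI_RE="^/subscriptions/${GUID}/resourceGroups/[^/]+/providers/Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+\$"

# matches VALUE REGEX: whole-value, case-insensitive match on a single line.
matches() {
  case "$1" in *'
'*) return 1 ;; esac   # reject embedded newlines so grep sees exactly one line
  printf '%s\n' "$1" | grep -Eiq -- "$2"
}

# check_assign_args USAGE MI_ID [ROLE_ID] [SKIP_RA]
# Returns 0 when the combination is consistent, else prints a reason, returns 1-5.
check_assign_args() {
  usage=$1 mi_id=$2 role_id=${3:-} skip_ra=${4:-false}
  case "$usage" in
    dataflow|schema) ;;
    *) echo "--usage must be dataflow or schema" >&2; return 1 ;;
  esac
  if ! matches "$mi_id" "$UAMI_RE"; then
    echo "--mi-user-assigned is not a managed identity resource ID" >&2; return 2
  fi
  # Both options are documented as applicable only with --usage schema.
  if [ "$usage" != schema ] && { [ -n "$role_id" ] || [ "$skip_ra" = true ]; }; then
    echo "--custom-sr-role-id/--skip-sr-ra require --usage schema" >&2; return 3
  fi
  if [ -n "$role_id" ] && ! matches "$role_id" "$ROLE_RE"; then
    echo "--custom-sr-role-id is not a fully qualified role definition ID" >&2; return 4
  fi
  # Local policy, not a CLI rule: a custom role with a skipped assignment is ambiguous.
  if [ -n "$role_id" ] && [ "$skip_ra" = true ]; then
    echo "custom role supplied but role assignment is skipped" >&2; return 5
  fi
  return 0
}
```

In a deployment script, call check_assign_args with the same values that will be passed to az iot ops identity assign and stop on a non-zero return.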

Required Parameters

--mi-user-assigned

The resource Id for the desired user-assigned managed identity to use with the instance.

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--custom-sr-role-id

Fully qualified role definition Id in the following format: /subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/{roleId}. Only applicable when --usage is set to 'schema'.

--fc

The federated credential name.

--self-hosted-issuer

Use the self-hosted OIDC issuer for federation.

Accepted values: false, true

--skip-sr-ra

When used, the role assignment step of the operation is skipped. Only applicable when --usage is set to 'schema'.

Accepted values: false, true

--usage

Indicates the usage type of the associated identity.

Default value: dataflow
Accepted values: dataflow, schema

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Default value: False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Default value: False

--output -o

Output format.

Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Default value: False

az iot ops identity remove

Remove a user-assigned managed identity from the instance.

az iot ops identity remove --mi-user-assigned
                           --name
                           --resource-group
                           [--fc]

Examples

Remove the desired user-assigned managed identity from the instance.

az iot ops identity remove --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID

Required Parameters

--mi-user-assigned

The resource Id for the desired user-assigned managed identity to use with the instance.

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--fc

The federated credential name.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Default value: False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Default value: False

--output -o

Output format.

Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Default value: False

az iot ops identity show

Show the instance identities.

az iot ops identity show --name
                         --resource-group

Examples

Show the identities associated with the target instance.

az iot ops identity show --name myinstance -g myresourcegroup

Required Parameters

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Default value: False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Default value: False

--output -o

Output format.

Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Default value: False