Microsoft.Devices provisioningServices 2020-09-01-preview

Bicep resource definition

The provisioningServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Devices/provisioningServices resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Devices/provisioningServices@2020-09-01-preview' = {
  etag: 'string'
  identity: {
    identityType: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    allocationPolicy: 'string'
    authorizationPolicies: [
      {
        keyName: 'string'
        primaryKey: 'string'
        rights: 'string'
        secondaryKey: 'string'
      }
    ]
    encryption: {
      identity: {
        userAssignedIdentity: 'string'
      }
      keySource: 'string'
      keyVaultProperties: [
        {
          keyIdentifier: 'string'
        }
      ]
    }
    iotHubs: [
      {
        allocationWeight: int
        applyAllocationPolicy: bool
        connectionString: 'string'
        location: 'string'
      }
    ]
    ipFilterRules: [
      {
        action: 'string'
        filterName: 'string'
        ipMask: 'string'
        target: 'string'
      }
    ]
    privateEndpointConnections: [
      {
        properties: {
          privateEndpoint: {}
          privateLinkServiceConnectionState: {
            actionsRequired: 'string'
            description: 'string'
            status: 'string'
          }
        }
      }
    ]
    provisioningState: 'string'
    publicNetworkAccess: 'string'
    state: 'string'
  }
  sku: {
    capacity: int
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

ArmIdentity

Name Description Value
identityType Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. string
userAssignedIdentities The set of UserAssigned identities associated with the IoT DPS resource. ArmIdentityUserAssignedIdentities

ArmIdentityUserAssignedIdentities

Name Description Value

ArmUserIdentity

Name Description Value

EncryptionKeyIdentity

Name Description Value
userAssignedIdentity The user assigned identity. string

EncryptionPropertiesDescription

Name Description Value
identity The identity used to access the encryption key in KeyVault. EncryptionKeyIdentity
keySource The source of the encryption key. Typically, Microsoft.KeyVault string
keyVaultProperties The properties of the encryption key configured in KeyVault. KeyVaultKeyProperties[]

IotDpsPropertiesDescription

Name Description Value
allocationPolicy Allocation policy to be used by this provisioning service. 'GeoLatency'
'Hashed'
'Static'
authorizationPolicies List of authorization keys for a provisioning service. SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption The encryption properties for the IoT DPS instance. EncryptionPropertiesDescription
iotHubs List of IoT hubs associated with this provisioning service. IotHubDefinitionDescription[]
ipFilterRules The IP filter rules. IpFilterRule[]
privateEndpointConnections Private endpoint connections created on this IotHub PrivateEndpointConnection[]
provisioningState The ARM provisioning state of the provisioning service. string
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled'
'Enabled'
state Current state of the provisioning service. 'Activating'
'ActivationFailed'
'Active'
'Deleted'
'Deleting'
'DeletionFailed'
'FailingOver'
'FailoverFailed'
'Resuming'
'Suspended'
'Suspending'
'Transitioning'

IotDpsSkuInfo

Name Description Value
capacity The number of units to provision int
name Sku name. 'S1'

IotHubDefinitionDescription

Name Description Value
allocationWeight weight to apply for a given iot h. int
applyAllocationPolicy flag for applying allocationPolicy or not for a given iot hub. bool
connectionString Connection string of the IoT hub. string (required)
location ARM region of the IoT hub. string (required)

IpFilterRule

Name Description Value
action The desired action for requests captured by this rule. 'Accept'
'Reject' (required)
filterName The name of the IP filter rule. string (required)
ipMask A string that contains the IP address range in CIDR notation for the rule. string (required)
target Target for requests captured by this rule. 'all'
'deviceApi'
'serviceApi'

KeyVaultKeyProperties

Name Description Value
keyIdentifier The identifier of the key. string

Microsoft.Devices/provisioningServices

Name Description Value
etag The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. string
identity The managed identities for the IotDps instance. ArmIdentity
location The resource location. string (required)
name The resource name string (required)
properties Service specific properties for a provisioning service IotDpsPropertiesDescription (required)
sku Sku info for a provisioning Service. IotDpsSkuInfo (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates

PrivateEndpoint

Name Description Value

PrivateEndpointConnection

Name Description Value
properties The properties of a private endpoint connection PrivateEndpointConnectionProperties (required)

PrivateEndpointConnectionProperties

Name Description Value
privateEndpoint The private endpoint property of a private endpoint connection PrivateEndpoint
privateLinkServiceConnectionState The current state of a private endpoint connection PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name Description Value
actionsRequired Actions required for a private endpoint connection string
description The description for the current state of a private endpoint connection string (required)
status The status of a private endpoint connection 'Approved'
'Disconnected'
'Pending'
'Rejected' (required)

ResourceTags

Name Description Value

SharedAccessSignatureAuthorizationRuleAccessRightsDescription

Name Description Value
keyName Name of the key. string (required)
primaryKey Primary SAS key value. string
rights Rights that this key has. 'DeviceConnect'
'EnrollmentRead'
'EnrollmentWrite'
'RegistrationStatusRead'
'RegistrationStatusWrite'
'ServiceConfig' (required)
secondaryKey Secondary SAS key value. string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Create an IoT Hub Device Provisioning Service This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together.

ARM template resource definition

The provisioningServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Devices/provisioningServices resource, add the following JSON to your template.

{
  "type": "Microsoft.Devices/provisioningServices",
  "apiVersion": "2020-09-01-preview",
  "name": "string",
  "etag": "string",
  "identity": {
    "identityType": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "allocationPolicy": "string",
    "authorizationPolicies": [
      {
        "keyName": "string",
        "primaryKey": "string",
        "rights": "string",
        "secondaryKey": "string"
      }
    ],
    "encryption": {
      "identity": {
        "userAssignedIdentity": "string"
      },
      "keySource": "string",
      "keyVaultProperties": [
        {
          "keyIdentifier": "string"
        }
      ]
    },
    "iotHubs": [
      {
        "allocationWeight": "int",
        "applyAllocationPolicy": "bool",
        "connectionString": "string",
        "location": "string"
      }
    ],
    "ipFilterRules": [
      {
        "action": "string",
        "filterName": "string",
        "ipMask": "string",
        "target": "string"
      }
    ],
    "privateEndpointConnections": [
      {
        "properties": {
          "privateEndpoint": {
          },
          "privateLinkServiceConnectionState": {
            "actionsRequired": "string",
            "description": "string",
            "status": "string"
          }
        }
      }
    ],
    "provisioningState": "string",
    "publicNetworkAccess": "string",
    "state": "string"
  },
  "sku": {
    "capacity": "int",
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

ArmIdentity

Name Description Value
identityType Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. string
userAssignedIdentities The set of UserAssigned identities associated with the IoT DPS resource. ArmIdentityUserAssignedIdentities

ArmIdentityUserAssignedIdentities

Name Description Value

ArmUserIdentity

Name Description Value

EncryptionKeyIdentity

Name Description Value
userAssignedIdentity The user assigned identity. string

EncryptionPropertiesDescription

Name Description Value
identity The identity used to access the encryption key in KeyVault. EncryptionKeyIdentity
keySource The source of the encryption key. Typically, Microsoft.KeyVault string
keyVaultProperties The properties of the encryption key configured in KeyVault. KeyVaultKeyProperties[]

IotDpsPropertiesDescription

Name Description Value
allocationPolicy Allocation policy to be used by this provisioning service. 'GeoLatency'
'Hashed'
'Static'
authorizationPolicies List of authorization keys for a provisioning service. SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption The encryption properties for the IoT DPS instance. EncryptionPropertiesDescription
iotHubs List of IoT hubs associated with this provisioning service. IotHubDefinitionDescription[]
ipFilterRules The IP filter rules. IpFilterRule[]
privateEndpointConnections Private endpoint connections created on this IotHub PrivateEndpointConnection[]
provisioningState The ARM provisioning state of the provisioning service. string
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled'
'Enabled'
state Current state of the provisioning service. 'Activating'
'ActivationFailed'
'Active'
'Deleted'
'Deleting'
'DeletionFailed'
'FailingOver'
'FailoverFailed'
'Resuming'
'Suspended'
'Suspending'
'Transitioning'

IotDpsSkuInfo

Name Description Value
capacity The number of units to provision int
name Sku name. 'S1'

IotHubDefinitionDescription

Name Description Value
allocationWeight weight to apply for a given iot h. int
applyAllocationPolicy flag for applying allocationPolicy or not for a given iot hub. bool
connectionString Connection string of the IoT hub. string (required)
location ARM region of the IoT hub. string (required)

IpFilterRule

Name Description Value
action The desired action for requests captured by this rule. 'Accept'
'Reject' (required)
filterName The name of the IP filter rule. string (required)
ipMask A string that contains the IP address range in CIDR notation for the rule. string (required)
target Target for requests captured by this rule. 'all'
'deviceApi'
'serviceApi'

KeyVaultKeyProperties

Name Description Value
keyIdentifier The identifier of the key. string

Microsoft.Devices/provisioningServices

Name Description Value
apiVersion The api version '2020-09-01-preview'
etag The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. string
identity The managed identities for the IotDps instance. ArmIdentity
location The resource location. string (required)
name The resource name string (required)
properties Service specific properties for a provisioning service IotDpsPropertiesDescription (required)
sku Sku info for a provisioning Service. IotDpsSkuInfo (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.Devices/provisioningServices'

PrivateEndpoint

Name Description Value

PrivateEndpointConnection

Name Description Value
properties The properties of a private endpoint connection PrivateEndpointConnectionProperties (required)

PrivateEndpointConnectionProperties

Name Description Value
privateEndpoint The private endpoint property of a private endpoint connection PrivateEndpoint
privateLinkServiceConnectionState The current state of a private endpoint connection PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name Description Value
actionsRequired Actions required for a private endpoint connection string
description The description for the current state of a private endpoint connection string (required)
status The status of a private endpoint connection 'Approved'
'Disconnected'
'Pending'
'Rejected' (required)

ResourceTags

Name Description Value

SharedAccessSignatureAuthorizationRuleAccessRightsDescription

Name Description Value
keyName Name of the key. string (required)
primaryKey Primary SAS key value. string
rights Rights that this key has. 'DeviceConnect'
'EnrollmentRead'
'EnrollmentWrite'
'RegistrationStatusRead'
'RegistrationStatusWrite'
'ServiceConfig' (required)
secondaryKey Secondary SAS key value. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create an IOT Hub and Ubuntu edge simulator

Deploy to Azure
This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator.
Create an IoT Hub Device Provisioning Service

Deploy to Azure
This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together.

Terraform (AzAPI provider) resource definition

The provisioningServices resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Devices/provisioningServices resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Devices/provisioningServices@2020-09-01-preview"
  name = "string"
  etag = "string"
  identity = {
    identityType = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  sku = {
    capacity = int
    name = "string"
  }
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      allocationPolicy = "string"
      authorizationPolicies = [
        {
          keyName = "string"
          primaryKey = "string"
          rights = "string"
          secondaryKey = "string"
        }
      ]
      encryption = {
        identity = {
          userAssignedIdentity = "string"
        }
        keySource = "string"
        keyVaultProperties = [
          {
            keyIdentifier = "string"
          }
        ]
      }
      iotHubs = [
        {
          allocationWeight = int
          applyAllocationPolicy = bool
          connectionString = "string"
          location = "string"
        }
      ]
      ipFilterRules = [
        {
          action = "string"
          filterName = "string"
          ipMask = "string"
          target = "string"
        }
      ]
      privateEndpointConnections = [
        {
          properties = {
            privateEndpoint = {
            }
            privateLinkServiceConnectionState = {
              actionsRequired = "string"
              description = "string"
              status = "string"
            }
          }
        }
      ]
      provisioningState = "string"
      publicNetworkAccess = "string"
      state = "string"
    }
  })
}

Property values

ArmIdentity

Name Description Value
identityType Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. string
userAssignedIdentities The set of UserAssigned identities associated with the IoT DPS resource. ArmIdentityUserAssignedIdentities

ArmIdentityUserAssignedIdentities

Name Description Value

ArmUserIdentity

Name Description Value

EncryptionKeyIdentity

Name Description Value
userAssignedIdentity The user assigned identity. string

EncryptionPropertiesDescription

Name Description Value
identity The identity used to access the encryption key in KeyVault. EncryptionKeyIdentity
keySource The source of the encryption key. Typically, Microsoft.KeyVault string
keyVaultProperties The properties of the encryption key configured in KeyVault. KeyVaultKeyProperties[]

IotDpsPropertiesDescription

Name Description Value
allocationPolicy Allocation policy to be used by this provisioning service. 'GeoLatency'
'Hashed'
'Static'
authorizationPolicies List of authorization keys for a provisioning service. SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption The encryption properties for the IoT DPS instance. EncryptionPropertiesDescription
iotHubs List of IoT hubs associated with this provisioning service. IotHubDefinitionDescription[]
ipFilterRules The IP filter rules. IpFilterRule[]
privateEndpointConnections Private endpoint connections created on this IotHub PrivateEndpointConnection[]
provisioningState The ARM provisioning state of the provisioning service. string
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled'
'Enabled'
state Current state of the provisioning service. 'Activating'
'ActivationFailed'
'Active'
'Deleted'
'Deleting'
'DeletionFailed'
'FailingOver'
'FailoverFailed'
'Resuming'
'Suspended'
'Suspending'
'Transitioning'

IotDpsSkuInfo

Name Description Value
capacity The number of units to provision int
name Sku name. 'S1'

IotHubDefinitionDescription

Name Description Value
allocationWeight weight to apply for a given iot h. int
applyAllocationPolicy flag for applying allocationPolicy or not for a given iot hub. bool
connectionString Connection string of the IoT hub. string (required)
location ARM region of the IoT hub. string (required)

IpFilterRule

Name Description Value
action The desired action for requests captured by this rule. 'Accept'
'Reject' (required)
filterName The name of the IP filter rule. string (required)
ipMask A string that contains the IP address range in CIDR notation for the rule. string (required)
target Target for requests captured by this rule. 'all'
'deviceApi'
'serviceApi'

KeyVaultKeyProperties

Name Description Value
keyIdentifier The identifier of the key. string

Microsoft.Devices/provisioningServices

Name Description Value
etag The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. string
identity The managed identities for the IotDps instance. ArmIdentity
location The resource location. string (required)
name The resource name string (required)
properties Service specific properties for a provisioning service IotDpsPropertiesDescription (required)
sku Sku info for a provisioning Service. IotDpsSkuInfo (required)
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.Devices/provisioningServices@2020-09-01-preview"

PrivateEndpoint

Name Description Value

PrivateEndpointConnection

Name Description Value
properties The properties of a private endpoint connection PrivateEndpointConnectionProperties (required)

PrivateEndpointConnectionProperties

Name Description Value
privateEndpoint The private endpoint property of a private endpoint connection PrivateEndpoint
privateLinkServiceConnectionState The current state of a private endpoint connection PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name Description Value
actionsRequired Actions required for a private endpoint connection string
description The description for the current state of a private endpoint connection string (required)
status The status of a private endpoint connection 'Approved'
'Disconnected'
'Pending'
'Rejected' (required)

ResourceTags

Name Description Value

SharedAccessSignatureAuthorizationRuleAccessRightsDescription

Name Description Value
keyName Name of the key. string (required)
primaryKey Primary SAS key value. string
rights Rights that this key has. 'DeviceConnect'
'EnrollmentRead'
'EnrollmentWrite'
'RegistrationStatusRead'
'RegistrationStatusWrite'
'ServiceConfig' (required)
secondaryKey Secondary SAS key value. string