Bicep resource definition
The IotHubs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/IotHubs resource, add the following Bicep to your template.
// Schema skeleton for a Microsoft.Devices/IotHubs resource at API version 2020-07-10-preview.
// 'string', int and bool below are type placeholders, not literal values; replace each with a
// real value and drop the properties you do not need.
resource symbolicname 'Microsoft.Devices/IotHubs@2020-07-10-preview' = {
  scope: resourceSymbolicName or scope
  etag: 'string'
  // Managed identities for the hub. identityType accepts SystemAssigned, UserAssigned, or both
  // comma-separated (SystemAssigned,UserAssigned).
  identity: {
    identityType: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    // Shared access policies for connecting to the hub. 'rights' takes a combination of
    // RegistryRead, RegistryWrite, ServiceConnect and DeviceConnect; grant only what the
    // consumer of the policy needs.
    // NOTE(review): primaryKey and secondaryKey are secrets. Avoid literal values in a
    // source-controlled template; supply them through a parameter marked @secure().
    authorizationPolicies: [
      {
        keyName: 'string'
        primaryKey: 'string'
        rights: 'string'
        secondaryKey: 'string'
      }
    ]
    // Cloud-to-device messaging. Both maxDeliveryCount values are constrained to 1-100.
    cloudToDevice: {
      defaultTtlAsIso8601: 'string'
      feedback: {
        lockDurationAsIso8601: 'string'
        maxDeliveryCount: int
        ttlAsIso8601: 'string'
      }
      maxDeliveryCount: int
    }
    comments: 'string'
    deviceStreams: {
      streamingEndpoints: [
        'string'
      ]
    }
    enableFileUploadNotifications: bool
    // Encryption properties: keySource is the source of the key; each keyVaultProperties entry
    // names a key (keyIdentifier) and the user-assigned identity associated with it.
    encryption: {
      keySource: 'string'
      keyVaultProperties: [
        {
          identity: {
            userAssignedIdentity: 'string'
          }
          keyIdentifier: 'string'
        }
      ]
    }
    // The only valid key in this dictionary is 'events', and it must be present on create or
    // update calls.
    eventHubEndpoints: {
      {customized property}: {
        partitionCount: int
        retentionTimeInDays: int
      }
    }
    features: 'string'
    // IP filter rules. action is 'Accept' or 'Reject'; ipMask is an address range in CIDR
    // notation.
    ipFilterRules: [
      {
        action: 'string'
        filterName: 'string'
        ipMask: 'string'
      }
    ]
    // Properties of the file upload notification queue.
    messagingEndpoints: {
      {customized property}: {
        lockDurationAsIso8601: 'string'
        maxDeliveryCount: int
        ttlAsIso8601: 'string'
      }
    }
    // Minimum TLS version the hub supports. Setting '1.2' rejects clients that use a lower
    // TLS version.
    minTlsVersion: 'string'
    privateEndpointConnections: [
      {
        properties: {
          privateEndpoint: {}
          privateLinkServiceConnectionState: {
            actionsRequired: 'string'
            description: 'string'
            status: 'string'
          }
        }
      }
    ]
    // 'Disabled' or 'Enabled': whether requests from the public network are allowed.
    publicNetworkAccess: 'string'
    routing: {
      // Custom routing endpoints. For every endpoint type, authenticationType is
      // 'identityBased' or 'keyBased'.
      // NOTE(review): connectionString carries a credential for the target service, so it
      // should be handled like a key. Presumably identityBased endpoints are addressed by
      // endpointUri and entityPath (or containerName) instead; confirm against the IoT Hub
      // documentation.
      endpoints: {
        eventHubs: [
          {
            authenticationType: 'string'
            connectionString: 'string'
            endpointUri: 'string'
            entityPath: 'string'
            id: 'string'
            name: 'string'
            resourceGroup: 'string'
            subscriptionId: 'string'
          }
        ]
        serviceBusQueues: [
          {
            authenticationType: 'string'
            connectionString: 'string'
            endpointUri: 'string'
            entityPath: 'string'
            id: 'string'
            name: 'string'
            resourceGroup: 'string'
            subscriptionId: 'string'
          }
        ]
        serviceBusTopics: [
          {
            authenticationType: 'string'
            connectionString: 'string'
            endpointUri: 'string'
            entityPath: 'string'
            id: 'string'
            name: 'string'
            resourceGroup: 'string'
            subscriptionId: 'string'
          }
        ]
        // endpointUri for a storage endpoint must include the https:// protocol.
        storageContainers: [
          {
            authenticationType: 'string'
            batchFrequencyInSeconds: int
            connectionString: 'string'
            containerName: 'string'
            encoding: 'string'
            endpointUri: 'string'
            fileNameFormat: 'string'
            id: 'string'
            maxChunkSizeInBytes: int
            name: 'string'
            resourceGroup: 'string'
            subscriptionId: 'string'
          }
        ]
      }
      enrichments: [
        {
          endpointNames: [
            'string'
          ]
          key: 'string'
          value: 'string'
        }
      ]
      // Used when no condition in 'routes' matches. If unset, unmatched messages are routed to
      // the built-in Event Hub endpoint.
      fallbackRoute: {
        condition: 'string'
        endpointNames: [
          'string'
        ]
        isEnabled: bool
        name: 'string'
        source: 'string'
      }
      // A route with no condition evaluates to true by default, so it applies to every message
      // from its source.
      routes: [
        {
          condition: 'string'
          endpointNames: [
            'string'
          ]
          isEnabled: bool
          name: 'string'
          source: 'string'
        }
      ]
    }
    // File upload storage. Only one storage account can be configured and its key must be
    // $default. connectionString is required here; sasTtlAsIso8601 sets how long the SAS URI
    // that IoT Hub generates for file upload stays valid.
    storageEndpoints: {
      {customized property}: {
        authenticationType: 'string'
        connectionString: 'string'
        containerName: 'string'
        sasTtlAsIso8601: 'string'
      }
    }
  }
  sku: {
    capacity: int
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}
Property Values
Microsoft.Devices/IotHubs
| Name | Description | Value | 
|---|---|---|
| etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string | 
| identity | The managed identities for the IotHub. | ArmIdentity | 
| location | The resource location. | string (required) | 
| name | The resource name | string (required) | 
| properties | IotHub properties | IotHubProperties | 
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. | 
| sku | IotHub SKU info | IotHubSkuInfo (required) | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
ArmIdentity
| Name | Description | Value | 
|---|---|---|
| identityType | Identity type. The only allowed values are SystemAssigned and UserAssigned. To specify both, separate them with a comma, for example: SystemAssigned,UserAssigned | string | 
| userAssignedIdentities | Dictionary of <ArmUserIdentity> | ArmIdentityUserAssignedIdentities | 
ArmIdentityUserAssignedIdentities
| Name | Description | Value | 
|---|
ArmUserIdentity
| Name | Description | Value | 
|---|
CloudToDeviceProperties
| Name | Description | Value | 
|---|---|---|
| defaultTtlAsIso8601 | The default time to live for cloud-to-device messages in the device queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
| feedback | The properties of the feedback queue for cloud-to-device messages. | FeedbackProperties | 
| maxDeliveryCount | The max delivery count for cloud-to-device messages in the device queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | int Constraints: Min value = 1 Max value = 100 | 
EncryptionPropertiesDescription
| Name | Description | Value | 
|---|---|---|
| keySource | The source of the key. | string | 
| keyVaultProperties | The properties of the KeyVault key. | KeyVaultKeyProperties[] | 
EnrichmentProperties
| Name | Description | Value | 
|---|---|---|
| endpointNames | The list of endpoints for which the enrichment is applied to the message. | string[] (required) | 
| key | The key or name for the enrichment property. | string (required) | 
| value | The value for the enrichment property. | string (required) | 
EventHubProperties
| Name | Description | Value | 
|---|---|---|
| partitionCount | The number of partitions for receiving device-to-cloud messages in the Event Hub-compatible endpoint. See: /azure/iot-hub/iot-hub-devguide-messaging#device-to-cloud-messages. | int | 
| retentionTimeInDays | The retention time for device-to-cloud messages in days. See: /azure/iot-hub/iot-hub-devguide-messaging#device-to-cloud-messages | int | 
FallbackRouteProperties
| Name | Description | Value | 
|---|---|---|
| condition | The condition which is evaluated in order to apply the fallback route. If the condition is not provided it will evaluate to true by default. For grammar, See: /azure/iot-hub/iot-hub-devguide-query-language | string | 
| endpointNames | The list of endpoints to which the messages that satisfy the condition are routed to. Currently only 1 endpoint is allowed. | string[] (required) | 
| isEnabled | Used to specify whether the fallback route is enabled. | bool (required) | 
| name | The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique. | string | 
| source | The source to which the routing rule is to be applied to. For example, DeviceMessages | 'DeviceJobLifecycleEvents' 'DeviceLifecycleEvents' 'DeviceMessages' 'DigitalTwinChangeEvents' 'Invalid' 'TwinChangeEvents' (required) | 
FeedbackProperties
| Name | Description | Value | 
|---|---|---|
| lockDurationAsIso8601 | The lock duration for the feedback queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
| maxDeliveryCount | The number of times the IoT hub attempts to deliver a message on the feedback queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | int Constraints: Min value = 1 Max value = 100 | 
| ttlAsIso8601 | The period of time for which a message is available to consume before it is expired by the IoT hub. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
IotHubProperties
| Name | Description | Value | 
|---|---|---|
| authorizationPolicies | The shared access policies you can use to secure a connection to the IoT hub. | SharedAccessSignatureAuthorizationRule[] | 
| cloudToDevice | The IoT hub cloud-to-device messaging properties. | CloudToDeviceProperties | 
| comments | IoT hub comments. | string | 
| deviceStreams | The device streams properties of iothub. | IotHubPropertiesDeviceStreams | 
| enableFileUploadNotifications | If True, file upload notifications are enabled. | bool | 
| encryption | The encryption properties for the IoT hub. | EncryptionPropertiesDescription | 
| eventHubEndpoints | The Event Hub-compatible endpoint properties. The only possible key in this dictionary is events. This key must be present in the dictionary when making create or update calls for the IoT hub. | IotHubPropertiesEventHubEndpoints | 
| features | The capabilities and features enabled for the IoT hub. | 'DeviceManagement' 'None' | 
| ipFilterRules | The IP filter rules. | IpFilterRule[] | 
| messagingEndpoints | The messaging endpoint properties for the file upload notification queue. | IotHubPropertiesMessagingEndpoints | 
| minTlsVersion | Specifies the minimum TLS version to support for this hub. Can be set to "1.2" so that clients using a TLS version below 1.2 are rejected. | string | 
| privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] | 
| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' | 
| routing | The routing related properties of the IoT hub. See: /azure/iot-hub/iot-hub-devguide-messaging | RoutingProperties | 
| storageEndpoints | The list of Azure Storage endpoints where you can upload files. Currently you can configure only one Azure Storage account and that MUST have its key as $default. Specifying more than one storage account causes an error to be thrown. Not specifying a value for this property when the enableFileUploadNotifications property is set to True, causes an error to be thrown. | IotHubPropertiesStorageEndpoints | 
IotHubPropertiesDeviceStreams
| Name | Description | Value | 
|---|---|---|
| streamingEndpoints | List of Device Streams Endpoints. | string[] | 
IotHubPropertiesEventHubEndpoints
| Name | Description | Value | 
|---|
IotHubPropertiesMessagingEndpoints
| Name | Description | Value | 
|---|
IotHubPropertiesStorageEndpoints
| Name | Description | Value | 
|---|
IotHubSkuInfo
| Name | Description | Value | 
|---|---|---|
| capacity | The number of provisioned IoT Hub units. See: /azure/azure-subscription-service-limits#iot-hub-limits. | int | 
| name | The name of the SKU. | 'B1' 'B2' 'B3' 'F1' 'S1' 'S2' 'S3' (required) | 
IpFilterRule
| Name | Description | Value | 
|---|---|---|
| action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) | 
| filterName | The name of the IP filter rule. | string (required) | 
| ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) | 
KEKIdentity
| Name | Description | Value | 
|---|---|---|
| userAssignedIdentity | The user assigned identity. | string | 
KeyVaultKeyProperties
| Name | Description | Value | 
|---|---|---|
| identity | The identity. | KEKIdentity | 
| keyIdentifier | The identifier of the key. | string | 
MessagingEndpointProperties
| Name | Description | Value | 
|---|---|---|
| lockDurationAsIso8601 | The lock duration. See: /azure/iot-hub/iot-hub-devguide-file-upload. | string | 
| maxDeliveryCount | The number of times the IoT hub attempts to deliver a message. See: /azure/iot-hub/iot-hub-devguide-file-upload. | int Constraints: Min value = 1 Max value = 100 | 
| ttlAsIso8601 | The period of time for which a message is available to consume before it is expired by the IoT hub. See: /azure/iot-hub/iot-hub-devguide-file-upload. | string | 
PrivateEndpoint
| Name | Description | Value | 
|---|
PrivateEndpointConnection
| Name | Description | Value | 
|---|---|---|
| properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) | 
PrivateEndpointConnectionProperties
| Name | Description | Value | 
|---|---|---|
| privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint | 
| privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) | 
PrivateLinkServiceConnectionState
| Name | Description | Value | 
|---|---|---|
| actionsRequired | Actions required for a private endpoint connection | string | 
| description | The description for the current state of a private endpoint connection | string (required) | 
| status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) | 
ResourceTags
| Name | Description | Value | 
|---|
RouteProperties
| Name | Description | Value | 
|---|---|---|
| condition | The condition that is evaluated to apply the routing rule. If no condition is provided, it evaluates to true by default. For grammar, see: /azure/iot-hub/iot-hub-devguide-query-language | string | 
| endpointNames | The list of endpoints to which messages that satisfy the condition are routed. Currently only one endpoint is allowed. | string[] (required) | 
| isEnabled | Used to specify whether a route is enabled. | bool (required) | 
| name | The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| source | The source that the routing rule is to be applied to, such as DeviceMessages. | 'DeviceJobLifecycleEvents' 'DeviceLifecycleEvents' 'DeviceMessages' 'DigitalTwinChangeEvents' 'Invalid' 'TwinChangeEvents' (required) | 
RoutingEndpoints
| Name | Description | Value | 
|---|---|---|
| eventHubs | The list of Event Hubs endpoints that IoT hub routes messages to, based on the routing rules. This list does not include the built-in Event Hubs endpoint. | RoutingEventHubProperties[] | 
| serviceBusQueues | The list of Service Bus queue endpoints that IoT hub routes the messages to, based on the routing rules. | RoutingServiceBusQueueEndpointProperties[] | 
| serviceBusTopics | The list of Service Bus topic endpoints that the IoT hub routes the messages to, based on the routing rules. | RoutingServiceBusTopicEndpointProperties[] | 
| storageContainers | The list of storage container endpoints that IoT hub routes messages to, based on the routing rules. | RoutingStorageContainerProperties[] | 
RoutingEventHubProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the event hub endpoint | 'identityBased' 'keyBased' | 
| connectionString | The connection string of the event hub endpoint. | string | 
| endpointUri | The url of the event hub endpoint. It must include the protocol sb:// | string | 
| entityPath | Event hub name on the event hub namespace | string | 
| id | Id of the event hub endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the event hub endpoint. | string | 
| subscriptionId | The subscription identifier of the event hub endpoint. | string | 
RoutingProperties
| Name | Description | Value | 
|---|---|---|
| endpoints | The properties related to the custom endpoints to which your IoT hub routes messages based on the routing rules. A maximum of 10 custom endpoints are allowed across all endpoint types for paid hubs and only 1 custom endpoint is allowed across all endpoint types for free hubs. | RoutingEndpoints | 
| enrichments | The list of user-provided enrichments that the IoT hub applies to messages to be delivered to built-in and custom endpoints. See: https://aka.ms/telemetryoneventgrid | EnrichmentProperties[] | 
| fallbackRoute | The properties of the route that is used as a fall-back route when none of the conditions specified in the 'routes' section are met. This is an optional parameter. When this property is not set, the messages which do not meet any of the conditions specified in the 'routes' section get routed to the built-in eventhub endpoint. | FallbackRouteProperties | 
| routes | The list of user-provided routing rules that the IoT hub uses to route messages to built-in and custom endpoints. A maximum of 100 routing rules are allowed for paid hubs and a maximum of 5 routing rules are allowed for free hubs. | RouteProperties[] | 
RoutingServiceBusQueueEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the service bus queue endpoint | 'identityBased' 'keyBased' | 
| connectionString | The connection string of the service bus queue endpoint. | string | 
| endpointUri | The url of the service bus queue endpoint. It must include the protocol sb:// | string | 
| entityPath | Queue name on the service bus namespace | string | 
| id | Id of the service bus queue endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual queue name. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the service bus queue endpoint. | string | 
| subscriptionId | The subscription identifier of the service bus queue endpoint. | string | 
RoutingServiceBusTopicEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the service bus topic endpoint | 'identityBased' 'keyBased' | 
| connectionString | The connection string of the service bus topic endpoint. | string | 
| endpointUri | The url of the service bus topic endpoint. It must include the protocol sb:// | string | 
| entityPath | Topic name on the service bus namespace | string | 
| id | Id of the service bus topic endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual topic name. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the service bus topic endpoint. | string | 
| subscriptionId | The subscription identifier of the service bus topic endpoint. | string | 
RoutingStorageContainerProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the storage endpoint | 'identityBased' 'keyBased' | 
| batchFrequencyInSeconds | Time interval at which blobs are written to storage. Value should be between 60 and 720 seconds. Default value is 300 seconds. | int Constraints: Min value = 60 Max value = 720 | 
| connectionString | The connection string of the storage account. | string | 
| containerName | The name of storage container in the storage account. | string (required) | 
| encoding | Encoding that is used to serialize messages to blobs. Supported values are 'avro', 'avrodeflate', and 'JSON'. Default value is 'avro'. | 'Avro' 'AvroDeflate' 'JSON' | 
| endpointUri | The url of the storage endpoint. It must include the protocol https:// | string | 
| fileNameFormat | File name format for the blob. Default format is {iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}. All parameters are mandatory but can be reordered. | string | 
| id | Id of the storage container endpoint | string | 
| maxChunkSizeInBytes | Maximum number of bytes for each blob written to storage. Value should be between 10485760(10MB) and 524288000(500MB). Default value is 314572800(300MB). | int Constraints: Min value = 10485760 Max value = 524288000 | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the storage account. | string | 
| subscriptionId | The subscription identifier of the storage account. | string | 
SharedAccessSignatureAuthorizationRule
| Name | Description | Value | 
|---|---|---|
| keyName | The name of the shared access policy. | string (required) | 
| primaryKey | The primary key. | string | 
| rights | The permissions assigned to the shared access policy. | 'DeviceConnect' 'RegistryRead' 'RegistryRead, DeviceConnect' 'RegistryRead, RegistryWrite' 'RegistryRead, RegistryWrite, DeviceConnect' 'RegistryRead, RegistryWrite, ServiceConnect' 'RegistryRead, RegistryWrite, ServiceConnect, DeviceConnect' 'RegistryRead, ServiceConnect' 'RegistryRead, ServiceConnect, DeviceConnect' 'RegistryWrite' 'RegistryWrite, DeviceConnect' 'RegistryWrite, ServiceConnect' 'RegistryWrite, ServiceConnect, DeviceConnect' 'ServiceConnect' 'ServiceConnect, DeviceConnect' (required) | 
| secondaryKey | The secondary key. | string | 
StorageEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Specifies authentication type being used for connecting to the storage account. | 'identityBased' 'keyBased' | 
| connectionString | The connection string for the Azure Storage account to which files are uploaded. | string (required) | 
| containerName | The name of the root container where you upload files. The container need not exist but should be creatable using the connectionString specified. | string (required) | 
| sasTtlAsIso8601 | The period of time for which the SAS URI generated by IoT Hub for file upload is valid. See: /azure/iot-hub/iot-hub-devguide-file-upload#file-upload-notification-configuration-options. | string | 
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
|---|---|
| Create an IoT Hub and a Device to Cloud Consumer Group | This template enables you to deploy an IoT Hub instance with device to cloud and cloud to device messaging configurations and a device to cloud consumer group. | 
| Create an IoT Hub Device Provisioning Service | This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together. | 
| Create Device Update for IoT Hub account, instance, IoT Hub | This template creates an account, an instance, and a hub to link the instance with. It configures the hub with the necessary access policies, routes, and consumer group. | 
| Deploy the MedTech service including an Azure IoT Hub | The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. | 
| Use ARM template to create IoT Hub, route and view messages | Use this template to deploy an IoT Hub and a storage account. Run an app to send messages to the hub that are routed to storage, then view the results. | 
ARM template resource definition
The IotHubs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/IotHubs resource, add the following JSON to your template.
{
  "type": "Microsoft.Devices/IotHubs",
  "apiVersion": "2020-07-10-preview",
  "name": "string",
  "etag": "string",
  "identity": {
    "identityType": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "authorizationPolicies": [
      {
        "keyName": "string",
        "primaryKey": "string",
        "rights": "string",
        "secondaryKey": "string"
      }
    ],
    "cloudToDevice": {
      "defaultTtlAsIso8601": "string",
      "feedback": {
        "lockDurationAsIso8601": "string",
        "maxDeliveryCount": "int",
        "ttlAsIso8601": "string"
      },
      "maxDeliveryCount": "int"
    },
    "comments": "string",
    "deviceStreams": {
      "streamingEndpoints": [ "string" ]
    },
    "enableFileUploadNotifications": "bool",
    "encryption": {
      "keySource": "string",
      "keyVaultProperties": [
        {
          "identity": {
            "userAssignedIdentity": "string"
          },
          "keyIdentifier": "string"
        }
      ]
    },
    "eventHubEndpoints": {
      "{customized property}": {
        "partitionCount": "int",
        "retentionTimeInDays": "int"
      }
    },
    "features": "string",
    "ipFilterRules": [
      {
        "action": "string",
        "filterName": "string",
        "ipMask": "string"
      }
    ],
    "messagingEndpoints": {
      "{customized property}": {
        "lockDurationAsIso8601": "string",
        "maxDeliveryCount": "int",
        "ttlAsIso8601": "string"
      }
    },
    "minTlsVersion": "string",
    "privateEndpointConnections": [
      {
        "properties": {
          "privateEndpoint": {
          },
          "privateLinkServiceConnectionState": {
            "actionsRequired": "string",
            "description": "string",
            "status": "string"
          }
        }
      }
    ],
    "publicNetworkAccess": "string",
    "routing": {
      "endpoints": {
        "eventHubs": [
          {
            "authenticationType": "string",
            "connectionString": "string",
            "endpointUri": "string",
            "entityPath": "string",
            "id": "string",
            "name": "string",
            "resourceGroup": "string",
            "subscriptionId": "string"
          }
        ],
        "serviceBusQueues": [
          {
            "authenticationType": "string",
            "connectionString": "string",
            "endpointUri": "string",
            "entityPath": "string",
            "id": "string",
            "name": "string",
            "resourceGroup": "string",
            "subscriptionId": "string"
          }
        ],
        "serviceBusTopics": [
          {
            "authenticationType": "string",
            "connectionString": "string",
            "endpointUri": "string",
            "entityPath": "string",
            "id": "string",
            "name": "string",
            "resourceGroup": "string",
            "subscriptionId": "string"
          }
        ],
        "storageContainers": [
          {
            "authenticationType": "string",
            "batchFrequencyInSeconds": "int",
            "connectionString": "string",
            "containerName": "string",
            "encoding": "string",
            "endpointUri": "string",
            "fileNameFormat": "string",
            "id": "string",
            "maxChunkSizeInBytes": "int",
            "name": "string",
            "resourceGroup": "string",
            "subscriptionId": "string"
          }
        ]
      },
      "enrichments": [
        {
          "endpointNames": [ "string" ],
          "key": "string",
          "value": "string"
        }
      ],
      "fallbackRoute": {
        "condition": "string",
        "endpointNames": [ "string" ],
        "isEnabled": "bool",
        "name": "string",
        "source": "string"
      },
      "routes": [
        {
          "condition": "string",
          "endpointNames": [ "string" ],
          "isEnabled": "bool",
          "name": "string",
          "source": "string"
        }
      ]
    },
    "storageEndpoints": {
      "{customized property}": {
        "authenticationType": "string",
        "connectionString": "string",
        "containerName": "string",
        "sasTtlAsIso8601": "string"
      }
    }
  },
  "sku": {
    "capacity": "int",
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}
Property Values
Microsoft.Devices/IotHubs
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2020-07-10-preview' | 
| etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string | 
| identity | The managed identities for the IotHub. | ArmIdentity | 
| location | The resource location. | string (required) | 
| name | The resource name | string (required) | 
| properties | IotHub properties | IotHubProperties | 
| sku | IotHub SKU info | IotHubSkuInfo (required) | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.Devices/IotHubs' | 
ArmIdentity
| Name | Description | Value | 
|---|---|---|
| identityType | Identity type. The only allowed values are SystemAssigned and UserAssigned. To specify both, separate them with a comma, for example: SystemAssigned,UserAssigned | string | 
| userAssignedIdentities | Dictionary of <ArmUserIdentity> | ArmIdentityUserAssignedIdentities | 
ArmIdentityUserAssignedIdentities
| Name | Description | Value | 
|---|
ArmUserIdentity
| Name | Description | Value | 
|---|
CloudToDeviceProperties
| Name | Description | Value | 
|---|---|---|
| defaultTtlAsIso8601 | The default time to live for cloud-to-device messages in the device queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
| feedback | The properties of the feedback queue for cloud-to-device messages. | FeedbackProperties | 
| maxDeliveryCount | The max delivery count for cloud-to-device messages in the device queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | int Constraints: Min value = 1 Max value = 100 | 
EncryptionPropertiesDescription
| Name | Description | Value | 
|---|---|---|
| keySource | The source of the key. | string | 
| keyVaultProperties | The properties of the KeyVault key. | KeyVaultKeyProperties[] | 
EnrichmentProperties
| Name | Description | Value | 
|---|---|---|
| endpointNames | The list of endpoints for which the enrichment is applied to the message. | string[] (required) | 
| key | The key or name for the enrichment property. | string (required) | 
| value | The value for the enrichment property. | string (required) | 
EventHubProperties
| Name | Description | Value | 
|---|---|---|
| partitionCount | The number of partitions for receiving device-to-cloud messages in the Event Hub-compatible endpoint. See: /azure/iot-hub/iot-hub-devguide-messaging#device-to-cloud-messages. | int | 
| retentionTimeInDays | The retention time for device-to-cloud messages in days. See: /azure/iot-hub/iot-hub-devguide-messaging#device-to-cloud-messages | int | 
FallbackRouteProperties
| Name | Description | Value | 
|---|---|---|
| condition | The condition which is evaluated in order to apply the fallback route. If the condition is not provided it will evaluate to true by default. For grammar, See: /azure/iot-hub/iot-hub-devguide-query-language | string | 
| endpointNames | The list of endpoints to which the messages that satisfy the condition are routed to. Currently only 1 endpoint is allowed. | string[] (required) | 
| isEnabled | Used to specify whether the fallback route is enabled. | bool (required) | 
| name | The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique. | string | 
| source | The source to which the routing rule is to be applied to. For example, DeviceMessages | 'DeviceJobLifecycleEvents' 'DeviceLifecycleEvents' 'DeviceMessages' 'DigitalTwinChangeEvents' 'Invalid' 'TwinChangeEvents' (required) | 
FeedbackProperties
| Name | Description | Value | 
|---|---|---|
| lockDurationAsIso8601 | The lock duration for the feedback queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
| maxDeliveryCount | The number of times the IoT hub attempts to deliver a message on the feedback queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | int Constraints: Min value = 1 Max value = 100 | 
| ttlAsIso8601 | The period of time for which a message is available to consume before it is expired by the IoT hub. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
IotHubProperties
| Name | Description | Value | 
|---|---|---|
| authorizationPolicies | The shared access policies you can use to secure a connection to the IoT hub. | SharedAccessSignatureAuthorizationRule[] | 
| cloudToDevice | The IoT hub cloud-to-device messaging properties. | CloudToDeviceProperties | 
| comments | IoT hub comments. | string | 
| deviceStreams | The device streams properties of iothub. | IotHubPropertiesDeviceStreams | 
| enableFileUploadNotifications | If True, file upload notifications are enabled. | bool | 
| encryption | The encryption properties for the IoT hub. | EncryptionPropertiesDescription | 
| eventHubEndpoints | The Event Hub-compatible endpoint properties. The only possible key in this dictionary is events. This key must be present in the dictionary when making create or update calls for the IoT hub. | IotHubPropertiesEventHubEndpoints | 
| features | The capabilities and features enabled for the IoT hub. | 'DeviceManagement' 'None' | 
| ipFilterRules | The IP filter rules. | IpFilterRule[] | 
| messagingEndpoints | The messaging endpoint properties for the file upload notification queue. | IotHubPropertiesMessagingEndpoints | 
| minTlsVersion | Specifies the minimum TLS version to support for this hub. Can be set to "1.2" so that clients that use a TLS version below 1.2 are rejected. | string | 
| privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] | 
| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' | 
| routing | The routing related properties of the IoT hub. See: /azure/iot-hub/iot-hub-devguide-messaging | RoutingProperties | 
| storageEndpoints | The list of Azure Storage endpoints where you can upload files. Currently you can configure only one Azure Storage account and that MUST have its key as $default. Specifying more than one storage account causes an error to be thrown. Not specifying a value for this property when the enableFileUploadNotifications property is set to True, causes an error to be thrown. | IotHubPropertiesStorageEndpoints | 
IotHubPropertiesDeviceStreams
| Name | Description | Value | 
|---|---|---|
| streamingEndpoints | List of Device Streams Endpoints. | string[] | 
IotHubPropertiesEventHubEndpoints
| Name | Description | Value | 
|---|
IotHubPropertiesMessagingEndpoints
| Name | Description | Value | 
|---|
IotHubPropertiesStorageEndpoints
| Name | Description | Value | 
|---|
IotHubSkuInfo
| Name | Description | Value | 
|---|---|---|
| capacity | The number of provisioned IoT Hub units. See: /azure/azure-subscription-service-limits#iot-hub-limits. | int | 
| name | The name of the SKU. | 'B1' 'B2' 'B3' 'F1' 'S1' 'S2' 'S3' (required) | 
IpFilterRule
| Name | Description | Value | 
|---|---|---|
| action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) | 
| filterName | The name of the IP filter rule. | string (required) | 
| ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) | 
KEKIdentity
| Name | Description | Value | 
|---|---|---|
| userAssignedIdentity | The user assigned identity. | string | 
KeyVaultKeyProperties
| Name | Description | Value | 
|---|---|---|
| identity | The identity. | KEKIdentity | 
| keyIdentifier | The identifier of the key. | string | 
MessagingEndpointProperties
| Name | Description | Value | 
|---|---|---|
| lockDurationAsIso8601 | The lock duration. See: /azure/iot-hub/iot-hub-devguide-file-upload. | string | 
| maxDeliveryCount | The number of times the IoT hub attempts to deliver a message. See: /azure/iot-hub/iot-hub-devguide-file-upload. | int Constraints: Min value = 1 Max value = 100 | 
| ttlAsIso8601 | The period of time for which a message is available to consume before it is expired by the IoT hub. See: /azure/iot-hub/iot-hub-devguide-file-upload. | string | 
PrivateEndpoint
| Name | Description | Value | 
|---|
PrivateEndpointConnection
| Name | Description | Value | 
|---|---|---|
| properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) | 
PrivateEndpointConnectionProperties
| Name | Description | Value | 
|---|---|---|
| privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint | 
| privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) | 
PrivateLinkServiceConnectionState
| Name | Description | Value | 
|---|---|---|
| actionsRequired | Actions required for a private endpoint connection | string | 
| description | The description for the current state of a private endpoint connection | string (required) | 
| status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) | 
ResourceTags
| Name | Description | Value | 
|---|
RouteProperties
| Name | Description | Value | 
|---|---|---|
| condition | The condition that is evaluated to apply the routing rule. If no condition is provided, it evaluates to true by default. For grammar, see: /azure/iot-hub/iot-hub-devguide-query-language | string | 
| endpointNames | The list of endpoints to which messages that satisfy the condition are routed. Currently only one endpoint is allowed. | string[] (required) | 
| isEnabled | Used to specify whether a route is enabled. | bool (required) | 
| name | The name of the route. The name can only include alphanumeric characters, periods, underscores, and hyphens, has a maximum length of 64 characters, and must be unique. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$ (required) | 
| source | The source that the routing rule is to be applied to, such as DeviceMessages. | 'DeviceJobLifecycleEvents' 'DeviceLifecycleEvents' 'DeviceMessages' 'DigitalTwinChangeEvents' 'Invalid' 'TwinChangeEvents' (required) | 
RoutingEndpoints
| Name | Description | Value | 
|---|---|---|
| eventHubs | The list of Event Hubs endpoints that IoT hub routes messages to, based on the routing rules. This list does not include the built-in Event Hubs endpoint. | RoutingEventHubProperties[] | 
| serviceBusQueues | The list of Service Bus queue endpoints that IoT hub routes the messages to, based on the routing rules. | RoutingServiceBusQueueEndpointProperties[] | 
| serviceBusTopics | The list of Service Bus topic endpoints that the IoT hub routes the messages to, based on the routing rules. | RoutingServiceBusTopicEndpointProperties[] | 
| storageContainers | The list of storage container endpoints that IoT hub routes messages to, based on the routing rules. | RoutingStorageContainerProperties[] | 
RoutingEventHubProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the event hub endpoint | 'identityBased' 'keyBased' | 
| connectionString | The connection string of the event hub endpoint. | string | 
| endpointUri | The url of the event hub endpoint. It must include the protocol sb:// | string | 
| entityPath | Event hub name on the event hub namespace | string | 
| id | Id of the event hub endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$ (required) | 
| resourceGroup | The name of the resource group of the event hub endpoint. | string | 
| subscriptionId | The subscription identifier of the event hub endpoint. | string | 
RoutingProperties
| Name | Description | Value | 
|---|---|---|
| endpoints | The properties related to the custom endpoints to which your IoT hub routes messages based on the routing rules. A maximum of 10 custom endpoints are allowed across all endpoint types for paid hubs and only 1 custom endpoint is allowed across all endpoint types for free hubs. | RoutingEndpoints | 
| enrichments | The list of user-provided enrichments that the IoT hub applies to messages to be delivered to built-in and custom endpoints. See: https://aka.ms/telemetryoneventgrid | EnrichmentProperties[] | 
| fallbackRoute | The properties of the route that is used as a fall-back route when none of the conditions specified in the 'routes' section are met. This is an optional parameter. When this property is not set, the messages which do not meet any of the conditions specified in the 'routes' section get routed to the built-in eventhub endpoint. | FallbackRouteProperties | 
| routes | The list of user-provided routing rules that the IoT hub uses to route messages to built-in and custom endpoints. A maximum of 100 routing rules are allowed for paid hubs and a maximum of 5 routing rules are allowed for free hubs. | RouteProperties[] | 
RoutingServiceBusQueueEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the service bus queue endpoint | 'identityBased' 'keyBased' | 
| connectionString | The connection string of the service bus queue endpoint. | string | 
| endpointUri | The url of the service bus queue endpoint. It must include the protocol sb:// | string | 
| entityPath | Queue name on the service bus namespace | string | 
| id | Id of the service bus queue endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual queue name. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$ (required) | 
| resourceGroup | The name of the resource group of the service bus queue endpoint. | string | 
| subscriptionId | The subscription identifier of the service bus queue endpoint. | string | 
RoutingServiceBusTopicEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the service bus topic endpoint | 'identityBased' 'keyBased' | 
| connectionString | The connection string of the service bus topic endpoint. | string | 
| endpointUri | The url of the service bus topic endpoint. It must include the protocol sb:// | string | 
| entityPath | Queue name on the service bus topic | string | 
| id | Id of the service bus topic endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual topic name. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$ (required) | 
| resourceGroup | The name of the resource group of the service bus topic endpoint. | string | 
| subscriptionId | The subscription identifier of the service bus topic endpoint. | string | 
RoutingStorageContainerProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the storage endpoint | 'identityBased' 'keyBased' | 
| batchFrequencyInSeconds | Time interval at which blobs are written to storage. Value should be between 60 and 720 seconds. Default value is 300 seconds. | int Constraints: Min value = 60 Max value = 720 | 
| connectionString | The connection string of the storage account. | string | 
| containerName | The name of storage container in the storage account. | string (required) | 
| encoding | Encoding that is used to serialize messages to blobs. Supported values are 'avro', 'avrodeflate', and 'JSON'. Default value is 'avro'. | 'Avro' 'AvroDeflate' 'JSON' | 
| endpointUri | The url of the storage endpoint. It must include the protocol https:// | string | 
| fileNameFormat | File name format for the blob. Default format is {iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}. All parameters are mandatory but can be reordered. | string | 
| id | Id of the storage container endpoint | string | 
| maxChunkSizeInBytes | Maximum number of bytes for each blob written to storage. Value should be between 10485760(10MB) and 524288000(500MB). Default value is 314572800(300MB). | int Constraints: Min value = 10485760 Max value = 524288000 | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$ (required) | 
| resourceGroup | The name of the resource group of the storage account. | string | 
| subscriptionId | The subscription identifier of the storage account. | string | 
SharedAccessSignatureAuthorizationRule
| Name | Description | Value | 
|---|---|---|
| keyName | The name of the shared access policy. | string (required) | 
| primaryKey | The primary key. | string | 
| rights | The permissions assigned to the shared access policy. | 'DeviceConnect' 'RegistryRead' 'RegistryRead, DeviceConnect' 'RegistryRead, RegistryWrite' 'RegistryRead, RegistryWrite, DeviceConnect' 'RegistryRead, RegistryWrite, ServiceConnect' 'RegistryRead, RegistryWrite, ServiceConnect, DeviceConnect' 'RegistryRead, ServiceConnect' 'RegistryRead, ServiceConnect, DeviceConnect' 'RegistryWrite' 'RegistryWrite, DeviceConnect' 'RegistryWrite, ServiceConnect' 'RegistryWrite, ServiceConnect, DeviceConnect' 'ServiceConnect' 'ServiceConnect, DeviceConnect' (required) | 
| secondaryKey | The secondary key. | string | 
StorageEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Specifies authentication type being used for connecting to the storage account. | 'identityBased' 'keyBased' | 
| connectionString | The connection string for the Azure Storage account to which files are uploaded. | string (required) | 
| containerName | The name of the root container where you upload files. The container need not exist but should be creatable using the connectionString specified. | string (required) | 
| sasTtlAsIso8601 | The period of time for which the SAS URI generated by IoT Hub for file upload is valid. See: /azure/iot-hub/iot-hub-devguide-file-upload#file-upload-notification-configuration-options. | string | 
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
|---|---|
| Create a Pay As You Go (PAYG) Environment with an IoT Hub | This template enables you to deploy a Pay As You Go (PAYG) Time Series Insights environment that is configured to consume events from an IoT Hub. | 
| Create an IoT Hub and a Device to Cloud Consumer Group | This template enables you to deploy an IoT Hub instance with device to cloud and cloud to device messaging configurations and a device to cloud consumer group. | 
| Create an IOT Hub and Ubuntu edge simulator | This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator. | 
| Create an IoT Hub Device Provisioning Service | This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together. | 
| Create Device Update for IoT Hub account, instance, IoT Hub | This template creates an account, an instance, and a hub to link the instance with. It configures the hub with the necessary access policies, routes, and consumer group. | 
| Deploy the MedTech service including an Azure IoT Hub | The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. | 
| Use ARM template to create IoT Hub, route and view messages | Use this template to deploy an IoT Hub and a storage account. Run an app to send messages to the hub that are routed to storage, then view the results. | 
Terraform (AzAPI provider) resource definition
The IotHubs resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/IotHubs resource, add the following Terraform to your template.
# Placeholder schema for a Microsoft.Devices/IotHubs resource (API version
# 2020-07-10-preview) deployed through the AzAPI provider. "string", int, bool
# and {customized property} mark the expected type or a caller-chosen key; they
# are not literal values.
# NOTE(review): values written into `body` are presumably persisted in Terraform
# state like any other attribute - supply the keys and connection strings below
# from a secret source and keep the state backend access-controlled.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Devices/IotHubs@2020-07-10-preview"
  name = "string"
  parent_id = "string"
  # Managed identities for the hub. The property tables list SystemAssigned and
  # UserAssigned as the only allowed identity types.
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    etag = "string"
    properties = {
      # Shared access policies used to secure connections to the hub.
      # keyName and rights are required. primaryKey / secondaryKey are the
      # policy's key material: treat them as secrets, never as literals.
      # rights takes one of the documented combinations of RegistryRead,
      # RegistryWrite, ServiceConnect and DeviceConnect; grant the narrowest
      # combination the consumer of the policy needs.
      authorizationPolicies = [
        {
          keyName = "string"
          primaryKey = "string"
          rights = "string"
          secondaryKey = "string"
        }
      ]
      # Cloud-to-device messaging. Both maxDeliveryCount values are constrained
      # to 1..100; the *AsIso8601 fields are ISO 8601 duration strings.
      cloudToDevice = {
        defaultTtlAsIso8601 = "string"
        feedback = {
          lockDurationAsIso8601 = "string"
          maxDeliveryCount = int
          ttlAsIso8601 = "string"
        }
        maxDeliveryCount = int
      }
      comments = "string"
      deviceStreams = {
        streamingEndpoints = [
          "string"
        ]
      }
      enableFileUploadNotifications = bool
      # Encryption properties: keySource is the source of the key and
      # keyVaultProperties describes the KeyVault key (keyIdentifier).
      # NOTE(review): identity.userAssignedIdentity is presumably the identity
      # the hub uses to reach that key - confirm, and scope its Key Vault
      # permissions to that single key.
      encryption = {
        keySource = "string"
        keyVaultProperties = [
          {
            identity = {
              userAssignedIdentity = "string"
            }
            keyIdentifier = "string"
          }
        ]
      }
      # The only possible key in this dictionary is `events`, and it has to be
      # present on create or update calls.
      eventHubEndpoints = {
        {customized property} = {
          partitionCount = int
          retentionTimeInDays = int
        }
      }
      # 'DeviceManagement' or 'None'.
      features = "string"
      # IP filter rules. action is 'Accept' or 'Reject'; ipMask is an address
      # range in CIDR notation. All three fields are required.
      ipFilterRules = [
        {
          action = "string"
          filterName = "string"
          ipMask = "string"
        }
      ]
      # Properties of the file upload notification queue; maxDeliveryCount is
      # constrained to 1..100.
      messagingEndpoints = {
        {customized property} = {
          lockDurationAsIso8601 = "string"
          maxDeliveryCount = int
          ttlAsIso8601 = "string"
        }
      }
      # Minimum TLS version the hub supports. Setting "1.2" makes the hub
      # reject clients that use a TLS version below 1.2.
      minTlsVersion = "string"
      # Private endpoint connections created on this hub. description and
      # status are required; status is one of 'Approved', 'Disconnected',
      # 'Pending', 'Rejected'.
      privateEndpointConnections = [
        {
          properties = {
            privateEndpoint = {
            }
            privateLinkServiceConnectionState = {
              actionsRequired = "string"
              description = "string"
              status = "string"
            }
          }
        }
      ]
      # 'Disabled' or 'Enabled': whether requests from the public network are
      # allowed.
      publicNetworkAccess = "string"
      routing = {
        # Custom routing endpoints: at most 10 across all endpoint types for
        # paid hubs and 1 for free hubs. In every endpoint type below,
        # authenticationType is 'identityBased' or 'keyBased', name is required
        # (pattern ^[A-Za-z0-9-._]{1,64}$; events, fileNotifications and
        # $default are reserved) and connectionString is credential material.
        # NOTE(review): with 'identityBased' the hub presumably authenticates
        # with its managed identity and targets endpointUri/entityPath instead
        # of a connection string - confirm before omitting connectionString.
        endpoints = {
          # Event Hubs endpoints; endpointUri must include the sb:// protocol.
          eventHubs = [
            {
              authenticationType = "string"
              connectionString = "string"
              endpointUri = "string"
              entityPath = "string"
              id = "string"
              name = "string"
              resourceGroup = "string"
              subscriptionId = "string"
            }
          ]
          # Service Bus queue endpoints; endpointUri must include sb://.
          serviceBusQueues = [
            {
              authenticationType = "string"
              connectionString = "string"
              endpointUri = "string"
              entityPath = "string"
              id = "string"
              name = "string"
              resourceGroup = "string"
              subscriptionId = "string"
            }
          ]
          # Service Bus topic endpoints; endpointUri must include sb://.
          serviceBusTopics = [
            {
              authenticationType = "string"
              connectionString = "string"
              endpointUri = "string"
              entityPath = "string"
              id = "string"
              name = "string"
              resourceGroup = "string"
              subscriptionId = "string"
            }
          ]
          # Storage container endpoints. containerName is required and
          # endpointUri must include https://. batchFrequencyInSeconds is
          # 60..720 (default 300), maxChunkSizeInBytes is 10485760..524288000
          # (default 314572800), encoding is 'Avro', 'AvroDeflate' or 'JSON'.
          storageContainers = [
            {
              authenticationType = "string"
              batchFrequencyInSeconds = int
              connectionString = "string"
              containerName = "string"
              encoding = "string"
              endpointUri = "string"
              fileNameFormat = "string"
              id = "string"
              maxChunkSizeInBytes = int
              name = "string"
              resourceGroup = "string"
              subscriptionId = "string"
            }
          ]
        }
        # User-provided enrichments applied to messages delivered to built-in
        # and custom endpoints; all three fields are required.
        enrichments = [
          {
            endpointNames = [
              "string"
            ]
            key = "string"
            value = "string"
          }
        ]
        # Optional route used when none of the conditions in `routes` is met.
        # When it is not set, such messages are routed to the built-in
        # eventhub endpoint. endpointNames and isEnabled are required and only
        # one endpoint is currently allowed.
        fallbackRoute = {
          condition = "string"
          endpointNames = [
            "string"
          ]
          isEnabled = bool
          name = "string"
          source = "string"
        }
        # Routing rules: at most 100 for paid hubs and 5 for free hubs. A
        # missing condition evaluates to true, so such a route matches every
        # message from its source.
        routes = [
          {
            condition = "string"
            endpointNames = [
              "string"
            ]
            isEnabled = bool
            name = "string"
            source = "string"
          }
        ]
      }
      # File upload storage. Only one storage account can be configured and
      # its key MUST be $default; the property is required when
      # enableFileUploadNotifications is true. connectionString and
      # containerName are required, and connectionString is a secret.
      # sasTtlAsIso8601 is how long the SAS URI generated by IoT Hub for file
      # upload stays valid.
      storageEndpoints = {
        {customized property} = {
          authenticationType = "string"
          connectionString = "string"
          containerName = "string"
          sasTtlAsIso8601 = "string"
        }
      }
    }
    # sku is required. name is one of 'B1', 'B2', 'B3', 'F1', 'S1', 'S2', 'S3';
    # capacity is the number of provisioned IoT Hub units.
    sku = {
      capacity = int
      name = "string"
    }
  }
}
Property Values
Microsoft.Devices/IotHubs
| Name | Description | Value | 
|---|---|---|
| etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string | 
| identity | The managed identities for the IotHub. | ArmIdentity | 
| location | The resource location. | string (required) | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource to apply this extension resource to. | string (required) | 
| properties | IotHub properties | IotHubProperties | 
| sku | IotHub SKU info | IotHubSkuInfo (required) | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.Devices/IotHubs@2020-07-10-preview" | 
ArmIdentity
| Name | Description | Value | 
|---|---|---|
| identityType | Identity type. The only allowed values are SystemAssigned and UserAssigned; to use both, separate them with a comma, for example: SystemAssigned,UserAssigned | string | 
| userAssignedIdentities | Dictionary of <ArmUserIdentity> | ArmIdentityUserAssignedIdentities | 
ArmIdentityUserAssignedIdentities
| Name | Description | Value | 
|---|
ArmUserIdentity
| Name | Description | Value | 
|---|
CloudToDeviceProperties
| Name | Description | Value | 
|---|---|---|
| defaultTtlAsIso8601 | The default time to live for cloud-to-device messages in the device queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
| feedback | The properties of the feedback queue for cloud-to-device messages. | FeedbackProperties | 
| maxDeliveryCount | The max delivery count for cloud-to-device messages in the device queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | int Constraints: Min value = 1 Max value = 100 | 
EncryptionPropertiesDescription
| Name | Description | Value | 
|---|---|---|
| keySource | The source of the key. | string | 
| keyVaultProperties | The properties of the KeyVault key. | KeyVaultKeyProperties[] | 
EnrichmentProperties
| Name | Description | Value | 
|---|---|---|
| endpointNames | The list of endpoints for which the enrichment is applied to the message. | string[] (required) | 
| key | The key or name for the enrichment property. | string (required) | 
| value | The value for the enrichment property. | string (required) | 
EventHubProperties
| Name | Description | Value | 
|---|---|---|
| partitionCount | The number of partitions for receiving device-to-cloud messages in the Event Hub-compatible endpoint. See: /azure/iot-hub/iot-hub-devguide-messaging#device-to-cloud-messages. | int | 
| retentionTimeInDays | The retention time for device-to-cloud messages in days. See: /azure/iot-hub/iot-hub-devguide-messaging#device-to-cloud-messages | int | 
FallbackRouteProperties
| Name | Description | Value | 
|---|---|---|
| condition | The condition which is evaluated in order to apply the fallback route. If the condition is not provided it will evaluate to true by default. For grammar, See: /azure/iot-hub/iot-hub-devguide-query-language | string | 
| endpointNames | The list of endpoints to which the messages that satisfy the condition are routed to. Currently only 1 endpoint is allowed. | string[] (required) | 
| isEnabled | Used to specify whether the fallback route is enabled. | bool (required) | 
| name | The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique. | string | 
| source | The source to which the routing rule is to be applied to. For example, DeviceMessages | 'DeviceJobLifecycleEvents' 'DeviceLifecycleEvents' 'DeviceMessages' 'DigitalTwinChangeEvents' 'Invalid' 'TwinChangeEvents' (required) | 
FeedbackProperties
| Name | Description | Value | 
|---|---|---|
| lockDurationAsIso8601 | The lock duration for the feedback queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
| maxDeliveryCount | The number of times the IoT hub attempts to deliver a message on the feedback queue. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | int Constraints: Min value = 1 Max value = 100 | 
| ttlAsIso8601 | The period of time for which a message is available to consume before it is expired by the IoT hub. See: /azure/iot-hub/iot-hub-devguide-messaging#cloud-to-device-messages. | string | 
IotHubProperties
| Name | Description | Value | 
|---|---|---|
| authorizationPolicies | The shared access policies you can use to secure a connection to the IoT hub. | SharedAccessSignatureAuthorizationRule[] | 
| cloudToDevice | The IoT hub cloud-to-device messaging properties. | CloudToDeviceProperties | 
| comments | IoT hub comments. | string | 
| deviceStreams | The device streams properties of iothub. | IotHubPropertiesDeviceStreams | 
| enableFileUploadNotifications | If True, file upload notifications are enabled. | bool | 
| encryption | The encryption properties for the IoT hub. | EncryptionPropertiesDescription | 
| eventHubEndpoints | The Event Hub-compatible endpoint properties. The only possible key in this dictionary is events. This key must be present in the dictionary when making create or update calls for the IoT hub. | IotHubPropertiesEventHubEndpoints | 
| features | The capabilities and features enabled for the IoT hub. | 'DeviceManagement' 'None' | 
| ipFilterRules | The IP filter rules. | IpFilterRule[] | 
| messagingEndpoints | The messaging endpoint properties for the file upload notification queue. | IotHubPropertiesMessagingEndpoints | 
| minTlsVersion | Specifies the minimum TLS version to support for this hub. Can be set to "1.2" so that clients that use a TLS version below 1.2 are rejected. | string | 
| privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] | 
| publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' | 
| routing | The routing related properties of the IoT hub. See: /azure/iot-hub/iot-hub-devguide-messaging | RoutingProperties | 
| storageEndpoints | The list of Azure Storage endpoints where you can upload files. Currently you can configure only one Azure Storage account and that MUST have its key as $default. Specifying more than one storage account causes an error to be thrown. Not specifying a value for this property when the enableFileUploadNotifications property is set to True, causes an error to be thrown. | IotHubPropertiesStorageEndpoints | 
IotHubPropertiesDeviceStreams
| Name | Description | Value | 
|---|---|---|
| streamingEndpoints | List of Device Streams Endpoints. | string[] | 
IotHubPropertiesEventHubEndpoints
| Name | Description | Value | 
|---|
IotHubPropertiesMessagingEndpoints
| Name | Description | Value | 
|---|
IotHubPropertiesStorageEndpoints
| Name | Description | Value | 
|---|
IotHubSkuInfo
| Name | Description | Value | 
|---|---|---|
| capacity | The number of provisioned IoT Hub units. See: /azure/azure-subscription-service-limits#iot-hub-limits. | int | 
| name | The name of the SKU. | 'B1' 'B2' 'B3' 'F1' 'S1' 'S2' 'S3' (required) | 
IpFilterRule
| Name | Description | Value | 
|---|---|---|
| action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) | 
| filterName | The name of the IP filter rule. | string (required) | 
| ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) | 
KEKIdentity
| Name | Description | Value | 
|---|---|---|
| userAssignedIdentity | The user assigned identity. | string | 
KeyVaultKeyProperties
| Name | Description | Value | 
|---|---|---|
| identity | The identity. | KEKIdentity | 
| keyIdentifier | The identifier of the key. | string | 
MessagingEndpointProperties
| Name | Description | Value | 
|---|---|---|
| lockDurationAsIso8601 | The lock duration. See: /azure/iot-hub/iot-hub-devguide-file-upload. | string | 
| maxDeliveryCount | The number of times the IoT hub attempts to deliver a message. See: /azure/iot-hub/iot-hub-devguide-file-upload. | int Constraints: Min value = 1 Max value = 100 | 
| ttlAsIso8601 | The period of time for which a message is available to consume before it is expired by the IoT hub. See: /azure/iot-hub/iot-hub-devguide-file-upload. | string | 
PrivateEndpoint
| Name | Description | Value | 
|---|---|---|
PrivateEndpointConnection
| Name | Description | Value | 
|---|---|---|
| properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) | 
PrivateEndpointConnectionProperties
| Name | Description | Value | 
|---|---|---|
| privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint | 
| privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) | 
PrivateLinkServiceConnectionState
| Name | Description | Value | 
|---|---|---|
| actionsRequired | Actions required for a private endpoint connection | string | 
| description | The description for the current state of a private endpoint connection | string (required) | 
| status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) | 
ResourceTags
| Name | Description | Value | 
|---|---|---|
RouteProperties
| Name | Description | Value | 
|---|---|---|
| condition | The condition that is evaluated to apply the routing rule. If no condition is provided, it evaluates to true by default. For grammar, see: /azure/iot-hub/iot-hub-devguide-query-language | string | 
| endpointNames | The list of endpoints to which messages that satisfy the condition are routed. Currently only one endpoint is allowed. | string[] (required) | 
| isEnabled | Used to specify whether a route is enabled. | bool (required) | 
| name | The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| source | The source that the routing rule is to be applied to, such as DeviceMessages. | 'DeviceJobLifecycleEvents' 'DeviceLifecycleEvents' 'DeviceMessages' 'DigitalTwinChangeEvents' 'Invalid' 'TwinChangeEvents' (required) | 
RoutingEndpoints
| Name | Description | Value | 
|---|---|---|
| eventHubs | The list of Event Hubs endpoints that IoT hub routes messages to, based on the routing rules. This list does not include the built-in Event Hubs endpoint. | RoutingEventHubProperties[] | 
| serviceBusQueues | The list of Service Bus queue endpoints that IoT hub routes the messages to, based on the routing rules. | RoutingServiceBusQueueEndpointProperties[] | 
| serviceBusTopics | The list of Service Bus topic endpoints that the IoT hub routes the messages to, based on the routing rules. | RoutingServiceBusTopicEndpointProperties[] | 
| storageContainers | The list of storage container endpoints that IoT hub routes messages to, based on the routing rules. | RoutingStorageContainerProperties[] | 
RoutingEventHubProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the event hub endpoint | 'identityBased' 'keyBased' | 
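| connectionString | The connection string of the event hub endpoint. It contains a shared access key, so supply it through a parameter marked @secure() rather than a literal in the template. | string | 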
| endpointUri | The url of the event hub endpoint. It must include the protocol sb:// | string | 
| entityPath | Event hub name on the event hub namespace | string | 
| id | Id of the event hub endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the event hub endpoint. | string | 
| subscriptionId | The subscription identifier of the event hub endpoint. | string | 
RoutingProperties
| Name | Description | Value | 
|---|---|---|
| endpoints | The properties related to the custom endpoints to which your IoT hub routes messages based on the routing rules. A maximum of 10 custom endpoints are allowed across all endpoint types for paid hubs and only 1 custom endpoint is allowed across all endpoint types for free hubs. | RoutingEndpoints | 
| enrichments | The list of user-provided enrichments that the IoT hub applies to messages to be delivered to built-in and custom endpoints. See: https://aka.ms/telemetryoneventgrid | EnrichmentProperties[] | 
| fallbackRoute | The properties of the route that is used as a fall-back route when none of the conditions specified in the 'routes' section are met. This is an optional parameter. When this property is not set, the messages which do not meet any of the conditions specified in the 'routes' section get routed to the built-in eventhub endpoint. | FallbackRouteProperties | 
| routes | The list of user-provided routing rules that the IoT hub uses to route messages to built-in and custom endpoints. A maximum of 100 routing rules are allowed for paid hubs and a maximum of 5 routing rules are allowed for free hubs. | RouteProperties[] | 
RoutingServiceBusQueueEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the service bus queue endpoint | 'identityBased' 'keyBased' | 
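| connectionString | The connection string of the service bus queue endpoint. It contains a shared access key, so supply it through a parameter marked @secure() rather than a literal in the template. | string | 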
| endpointUri | The url of the service bus queue endpoint. It must include the protocol sb:// | string | 
| entityPath | Queue name on the service bus namespace | string | 
| id | Id of the service bus queue endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual queue name. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the service bus queue endpoint. | string | 
| subscriptionId | The subscription identifier of the service bus queue endpoint. | string | 
RoutingServiceBusTopicEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the service bus topic endpoint | 'identityBased' 'keyBased' | 
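| connectionString | The connection string of the service bus topic endpoint. It contains a shared access key, so supply it through a parameter marked @secure() rather than a literal in the template. | string | 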
| endpointUri | The url of the service bus topic endpoint. It must include the protocol sb:// | string | 
| entityPath | Queue name on the service bus topic | string | 
| id | Id of the service bus topic endpoint | string | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual topic name. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the service bus topic endpoint. | string | 
| subscriptionId | The subscription identifier of the service bus topic endpoint. | string | 
RoutingStorageContainerProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Method used to authenticate against the storage endpoint | 'identityBased' 'keyBased' | 
| batchFrequencyInSeconds | Time interval at which blobs are written to storage. Value should be between 60 and 720 seconds. Default value is 300 seconds. | int Constraints: Min value = 60 Max value = 720 | 
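| connectionString | The connection string of the storage account. It contains the account key, so supply it through a parameter marked @secure() rather than a literal in the template. | string | 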
| containerName | The name of storage container in the storage account. | string (required) | 
| encoding | Encoding that is used to serialize messages to blobs. Supported values are 'Avro', 'AvroDeflate', and 'JSON'. Default value is 'Avro'. | 'Avro' 'AvroDeflate' 'JSON' | 
| endpointUri | The url of the storage endpoint. It must include the protocol https:// | string | 
| fileNameFormat | File name format for the blob. Default format is {iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}. All parameters are mandatory but can be reordered. | string | 
| id | Id of the storage container endpoint | string | 
| maxChunkSizeInBytes | Maximum number of bytes for each blob written to storage. Value should be between 10485760(10MB) and 524288000(500MB). Default value is 314572800(300MB). | int Constraints: Min value = 10485760 Max value = 524288000 | 
| name | The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. | string Constraints: Pattern = ^[A-Za-z0-9-._]{1,64}$(required) | 
| resourceGroup | The name of the resource group of the storage account. | string | 
| subscriptionId | The subscription identifier of the storage account. | string | 
SharedAccessSignatureAuthorizationRule
| Name | Description | Value | 
|---|---|---|
| keyName | The name of the shared access policy. | string (required) | 
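| primaryKey | The primary key. This value is a secret; supply it through a parameter marked @secure() rather than a literal in the template. | string | 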
| rights | The permissions assigned to the shared access policy. | 'DeviceConnect' 'RegistryRead' 'RegistryRead, DeviceConnect' 'RegistryRead, RegistryWrite' 'RegistryRead, RegistryWrite, DeviceConnect' 'RegistryRead, RegistryWrite, ServiceConnect' 'RegistryRead, RegistryWrite, ServiceConnect, DeviceConnect' 'RegistryRead, ServiceConnect' 'RegistryRead, ServiceConnect, DeviceConnect' 'RegistryWrite' 'RegistryWrite, DeviceConnect' 'RegistryWrite, ServiceConnect' 'RegistryWrite, ServiceConnect, DeviceConnect' 'ServiceConnect' 'ServiceConnect, DeviceConnect' (required) | 
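| secondaryKey | The secondary key. This value is a secret; supply it through a parameter marked @secure() rather than a literal in the template. | string | 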
StorageEndpointProperties
| Name | Description | Value | 
|---|---|---|
| authenticationType | Specifies authentication type being used for connecting to the storage account. | 'identityBased' 'keyBased' | 
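| connectionString | The connection string for the Azure Storage account to which files are uploaded. It contains the account key, so supply it through a parameter marked @secure() rather than a literal in the template. | string (required) | 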
| containerName | The name of the root container where you upload files. The container need not exist but should be creatable using the connectionString specified. | string (required) | 
| sasTtlAsIso8601 | The period of time for which the SAS URI generated by IoT Hub for file upload is valid. See: /azure/iot-hub/iot-hub-devguide-file-upload#file-upload-notification-configuration-options. | string | 
Usage Examples
Terraform Samples
A basic example of deploying IotHub.
# Declares the AzAPI provider as the only provider this sample requires.
# NOTE(review): no `version` constraint is given, so the first `terraform init`
# selects the newest release the registry offers unless a dependency lock file
# already pins one. Pin a version range for reproducible, reviewable runs.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
# Provider configuration for AzAPI. No credentials or subscription are set in
# this block, so they have to come from outside the file
# (presumably environment variables or an existing Azure CLI login; confirm for
# the pipeline that runs this).
provider "azapi" {
  # false: the provider is not told to skip resource-provider registration.
  skip_provider_registration = false
}
# Name used for both the resource group and the IoT hub below.
# NOTE(review): the default looks like a test fixture name; IoT hub names are
# part of the hub's hostname, so expect to override it per deployment.
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
# Azure region applied to both the resource group and the IoT hub.
variable "location" {
  type    = string
  default = "westeurope"
}
# Resource group that holds the IoT hub; its id is the hub's parent_id.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}
# Creates an S1 IoT hub with one unit inside the resource group above.
# The sample targets API version 2022-04-30-preview, which is not the version
# whose Bicep schema is documented on this page (2020-07-10-preview); check
# property names against the version you deploy.
#
# NOTE(review): the body sets no ipFilterRules, private endpoint settings or
# authorizationPolicies, so network exposure and shared access policies are
# left to whatever the service applies by default. Review those before using
# this as a baseline for anything beyond a test hub.
resource "azapi_resource" "IotHub" {
  type      = "Microsoft.Devices/IotHubs@2022-04-30-preview"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      # Empty object: no cloud-to-device settings are overridden here.
      cloudToDevice = {
      }
      enableFileUploadNotifications = false
      # Empty object: no messaging endpoint settings are overridden here.
      messagingEndpoints = {
      }
      routing = {
        # Fall-back route: the condition is the literal "true", so every
        # device message that reaches the fall-back is sent to the reserved
        # endpoint name "events".
        fallbackRoute = {
          condition = "true"
          endpointNames = [
            "events",
          ]
          isEnabled = true
          source    = "DeviceMessages"
        }
      }
      # Empty object: no file-upload storage account is configured, which is
      # consistent with enableFileUploadNotifications = false above.
      storageEndpoints = {
      }
    }
    sku = {
      capacity = 1
      name     = "S1"
    }
  }
  # NOTE(review): with provider-side schema validation off, a misspelt or
  # unsupported property in `body` is presumably not caught at plan time and
  # is only rejected (or ignored) by the API; confirm before relying on it.
  schema_validation_enabled = false
  # NOTE(review): "*" exports the entire API response into the resource's
  # output, and so into Terraform state. List only the fields you need and
  # treat the state file as sensitive.
  response_export_values    = ["*"]
}