Top / Microsoft Azure / Azure IoT Hub / Iothub

Azure IoT Hub Iothub

This page shows how to write Terraform and Azure Resource Manager for IoT Hub Iothub and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_iothub (Terraform)

The Iothub in IoT Hub can be configured in Terraform with the resource name azurerm_iothub. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L1
resource "azurerm_iothub" "plant_iot" {
  name                = var.iot_hub_name
  location            = var.location
  resource_group_name = var.resource_group_name

  sku {
iot_hub.tf#L2
resource "azurerm_iothub" "iot" {
  location            = azurerm_resource_group.rg.location
  name                = "iot-lc"
  resource_group_name = azurerm_resource_group.rg.name
  sku {
    name     = "F1"
iot_hub.tf#L2
resource "azurerm_iothub" "iothub" {
  name                = var.iot_hub_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  sku {
main.tf#L25
resource "azurerm_iothub" "b59iothub" {
    name                = "b59iothub"
    resource_group_name = azurerm_resource_group.b59.name
    location            = azurerm_resource_group.b59.location

    sku {
iot_hub.tf#L1
resource "azurerm_iothub" "iothub" {
  name                = var.iot_hub_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  sku {
iothub.tf#L1
resource "azurerm_iothub" "this" {
  name                = var.iothub_name
  resource_group_name = data.azurerm_resource_group.this.name
  location            = data.azurerm_resource_group.this.location

  sku {
IoTHub.tf#L13
resource "azurerm_iothub" "myitohub" {
  name                = "__var.resourceiothubname__"
  resource_group_name = data.azurerm_resource_group.resourcegropuiothub.name
  location            = data.azurerm_resource_group.resourcegropuiothub.location

  sku {
iot_hub.tf#L1
resource "azurerm_iothub" "iothub" {
  name                = var.iot_hub_name
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  sku {
iothub.tf#L2
resource "azurerm_iothub" "iot" {
  name                = var.name-iot
  resource_group_name = azurerm_resource_group.rg.name
  location            = var.location

  sku {
main.tf#L1
resource "azurerm_iothub" "ioth" {
  name                = var.iothub_name
  resource_group_name = var.resource_group_name
  location = var.resource_group_location
  sku {
    name     = var.iothub_sku_name

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Manages an IotHub

NOTE: Endpoints can be defined either directly on the azurerm_iothub resource, or using the azurerm_iothub_endpoint_* resources - but the two ways of defining the endpoints cannot be used together. If both are used against the same IoTHub, spurious changes will occur. Also, defining a azurerm_iothub_endpoint_* resource and another endpoint of a different type directly on the azurerm_iothub resource is not supported.

NOTE: Routes can be defined either directly on the azurerm_iothub resource, or using the azurerm_iothub_route resource - but the two cannot be used together. If both are used against the same IoTHub, spurious changes will occur.

NOTE: Enrichments can be defined either directly on the azurerm_iothub resource, or using the azurerm_iothub_enrichment resource - but the two cannot be used together. If both are used against the same IoTHub, spurious changes will occur.

NOTE: Fallback route can be defined either directly on the azurerm_iothub resource, or using the azurerm_iothub_fallback_route resource - but the two cannot be used together. If both are used against the same IoTHub, spurious changes will occur.

>> from Terraform Registry

Microsoft.Devices/IotHubs (Azure Resource Manager)

The IotHubs in Microsoft.Devices can be configured in Azure Resource Manager with the resource name Microsoft.Devices/IotHubs. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

handson-arm-template.json#L30
            "type": "Microsoft.Devices/IotHubs",
            "apiVersion": "2020-03-01",
            "name": "[variables('CameraIotHubName')]",
            "location": "[parameters('Region')]",
            "sku": {
                "name": "S1",
IoTHub.json#L12
      "type": "Microsoft.Devices/IotHubs",
      "name": "[parameters('hubName')]",
      "location": "North Europe",
      "sku": {
        "name": "S1",
        "tier": "Standard",
handson-arm-template.json#L30
            "type": "Microsoft.Devices/IotHubs",
            "apiVersion": "2020-03-01",
            "name": "[variables('CameraIotHubName')]",
            "location": "[parameters('Region')]",
            "sku": {
                "name": "S1",
brt-arm-template.json#L120
      "type": "Microsoft.Devices/IotHubs",
      "name": "[parameters('iotHubName')]",
      "location": "[parameters('azureLocation')]",
      "sku": {
        "name": "S1",
        "tier": "Standard",
azuredeploy.json#L40
      "type": "Microsoft.Devices/IotHubs",
      "apiVersion": "2018-04-01",
      "name": "[parameters('iotHubName')]",
      "location": "[parameters('location')]",
      "properties": {
        "eventHubEndpoints": {
iot_hub.json#L43
      "type": "Microsoft.Devices/IotHubs",
      "name": "[parameters('resourceName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "eventHubEndpoints": {
          "events": {
azuredeploy.json#L41
      "type": "Microsoft.Devices/IotHubs",
      "apiVersion": "2018-04-01",
      "name": "[parameters('iotHubName')]",
      "location": "[parameters('location')]",
      "properties": {
        "eventHubEndpoints": {
template-iothub.json#L12
      "type": "Microsoft.Devices/IotHubs",
      "name": "[variables('hubName')]",
      "location": "[variables('location')]",
      "sku": {
        "name": "S1",
        "tier": "Standard",
azuredeploy.json#L40
      "type": "Microsoft.Devices/IotHubs",
      "apiVersion": "2018-04-01",
      "name": "[parameters('iotHubName')]",
      "location": "[parameters('location')]",
      "properties": {
        "eventHubEndpoints": {
azuredeploy.json#L41
      "type": "Microsoft.Devices/IotHubs",
      "apiVersion": "2018-04-01",
      "name": "[parameters('iotHubName')]",
      "location": "[parameters('location')]",
      "properties": {
        "eventHubEndpoints": {

Parameters

  • apiVersion required - string
  • etag optional - string

    The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention.

  • identity optional
      • type optional - string

        The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service.

      • userAssignedIdentities optional - undefined
  • location required - string

    The resource location.

  • name required - string

    The name of the IoT hub.

  • properties required
      • allowedFqdnList optional - array

        List of allowed FQDNs(Fully Qualified Domain Name) for egress from Iot Hub.

      • authorizationPolicies optional array
          • keyName required - string

            The name of the shared access policy.

          • primaryKey optional - string

            The primary key.

          • rights required - string

            The permissions assigned to the shared access policy.

          • secondaryKey optional - string

            The secondary key.

      • cloudToDevice optional
      • comments optional - string

        IoT hub comments.

      • disableDeviceSAS optional - boolean

        If true, all device(including Edge devices but excluding modules) scoped SAS keys cannot be used for authentication.

      • disableLocalAuth optional - boolean

        If true, SAS tokens with Iot hub scoped SAS keys cannot be used for authentication.

      • disableModuleSAS optional - boolean

        If true, all module scoped SAS keys cannot be used for authentication.

      • enableDataResidency optional - boolean

        This property when set to true, will enable data residency, thus, disabling disaster recovery.

      • enableFileUploadNotifications optional - boolean

        If True, file upload notifications are enabled.

      • eventHubEndpoints optional - undefined

        The Event Hub-compatible endpoint properties. The only possible keys to this dictionary is events. This key has to be present in the dictionary while making create or update calls for the IoT hub.

      • features optional - string

        The capabilities and features enabled for the IoT hub.

      • ipFilterRules optional array
          • action required - string

            The desired action for requests captured by this rule.

          • filterName required - string

            The name of the IP filter rule.

          • ipMask required - string

            A string that contains the IP address range in CIDR notation for the rule.

      • messagingEndpoints optional - undefined

        The messaging endpoint properties for the file upload notification queue.

      • minTlsVersion optional - string

        Specifies the minimum TLS version to support for this hub. Can be set to "1.2" to have clients that use a TLS version below 1.2 to be rejected.

      • networkRuleSets optional
          • applyToBuiltInEventHubEndpoint required - boolean

            If True, then Network Rule Set is also applied to BuiltIn EventHub EndPoint of IotHub

          • defaultAction optional - string

            Default Action for Network Rule Set.

          • ipRules required array
              • action optional - string

                IP Filter Action.

              • filterName required - string

                Name of the IP filter rule.

              • ipMask required - string

                A string that contains the IP address range in CIDR notation for the rule.

      • privateEndpointConnections optional array
          • properties required
              • privateEndpoint optional
                • privateLinkServiceConnectionState required
                    • actionsRequired optional - string

                      Actions required for a private endpoint connection

                    • description required - string

                      The description for the current state of a private endpoint connection

                    • status required - string

                      The status of a private endpoint connection.

        • publicNetworkAccess optional - string

          Whether requests from Public Network are allowed.

        • restrictOutboundNetworkAccess optional - boolean

          If true, egress from IotHub will be restricted to only the allowed FQDNs that are configured via allowedFqdnList.

        • routing optional
            • endpoints optional
                • eventHubs optional array
                    • authenticationType optional - string

                      Method used to authenticate against the event hub endpoint.

                    • connectionString optional - string

                      The connection string of the event hub endpoint.

                    • endpointUri optional - string

                      The url of the event hub endpoint. It must include the protocol sb://

                    • entityPath optional - string

                      Event hub name on the event hub namespace

                    • id optional - string

                      Id of the event hub endpoint

                    • identity optional
                        • userAssignedIdentity optional - string

                          The user assigned identity.

                    • name required - string

                      The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types.

                    • resourceGroup optional - string

                      The name of the resource group of the event hub endpoint.

                    • subscriptionId optional - string

                      The subscription identifier of the event hub endpoint.

                • serviceBusQueues optional array
                    • authenticationType optional - string

                      Method used to authenticate against the service bus queue endpoint.

                    • connectionString optional - string

                      The connection string of the service bus queue endpoint.

                    • endpointUri optional - string

                      The url of the service bus queue endpoint. It must include the protocol sb://

                    • entityPath optional - string

                      Queue name on the service bus namespace

                    • id optional - string

                      Id of the service bus queue endpoint

                    • identity optional
                        • userAssignedIdentity optional - string

                          The user assigned identity.

                    • name required - string

                      The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual queue name.

                    • resourceGroup optional - string

                      The name of the resource group of the service bus queue endpoint.

                    • subscriptionId optional - string

                      The subscription identifier of the service bus queue endpoint.

                • serviceBusTopics optional array
                    • authenticationType optional - string

                      Method used to authenticate against the service bus topic endpoint.

                    • connectionString optional - string

                      The connection string of the service bus topic endpoint.

                    • endpointUri optional - string

                      The url of the service bus topic endpoint. It must include the protocol sb://

                    • entityPath optional - string

                      Queue name on the service bus topic

                    • id optional - string

                      Id of the service bus topic endpoint

                    • identity optional
                        • userAssignedIdentity optional - string

                          The user assigned identity.

                    • name required - string

                      The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types. The name need not be the same as the actual topic name.

                    • resourceGroup optional - string

                      The name of the resource group of the service bus topic endpoint.

                    • subscriptionId optional - string

                      The subscription identifier of the service bus topic endpoint.

                • storageContainers optional array
                    • authenticationType optional - string

                      Method used to authenticate against the storage endpoint.

                    • batchFrequencyInSeconds optional - integer

                      Time interval at which blobs are written to storage. Value should be between 60 and 720 seconds. Default value is 300 seconds.

                    • connectionString optional - string

                      The connection string of the storage account.

                    • containerName required - string

                      The name of storage container in the storage account.

                    • encoding optional - string

                      Encoding that is used to serialize messages to blobs. Supported values are 'avro', 'avrodeflate', and 'JSON'. Default value is 'avro'.

                    • endpointUri optional - string

                      The url of the storage endpoint. It must include the protocol https://

                    • fileNameFormat optional - string

                      File name format for the blob. Default format is {iothub}/{partition}/{YYYY}/{MM}/{DD}/{HH}/{mm}. All parameters are mandatory but can be reordered.

                    • id optional - string

                      Id of the storage container endpoint

                    • identity optional
                        • userAssignedIdentity optional - string

                          The user assigned identity.

                    • maxChunkSizeInBytes optional - integer

                      Maximum number of bytes for each blob written to storage. Value should be between 10485760(10MB) and 524288000(500MB). Default value is 314572800(300MB).

                    • name required - string

                      The name that identifies this endpoint. The name can only include alphanumeric characters, periods, underscores, hyphens and has a maximum length of 64 characters. The following names are reserved: events, fileNotifications, $default. Endpoint names must be unique across endpoint types.

                    • resourceGroup optional - string

                      The name of the resource group of the storage account.

                    • subscriptionId optional - string

                      The subscription identifier of the storage account.

            • enrichments optional array
                • endpointNames required - array

                  The list of endpoints for which the enrichment is applied to the message.

                • key required - string

                  The key or name for the enrichment property.

                • value required - string

                  The value for the enrichment property.

            • fallbackRoute optional
                • condition optional - string

                  The condition which is evaluated in order to apply the fallback route. If the condition is not provided it will evaluate to true by default. For grammar, See: https://docs.microsoft.com/azure/iot-hub/iot-hub-devguide-query-language

                • endpointNames required - array

                  The list of endpoints to which the messages that satisfy the condition are routed to. Currently only 1 endpoint is allowed.

                • isEnabled required - boolean

                  Used to specify whether the fallback route is enabled.

                • name optional - string

                  The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique.

                • source required - string

                  The source to which the routing rule is to be applied to. For example, DeviceMessages.

            • routes optional array
                • condition optional - string

                  The condition that is evaluated to apply the routing rule. If no condition is provided, it evaluates to true by default. For grammar, see: https://docs.microsoft.com/azure/iot-hub/iot-hub-devguide-query-language

                • endpointNames required - array

                  The list of endpoints to which messages that satisfy the condition are routed. Currently only one endpoint is allowed.

                • isEnabled required - boolean

                  Used to specify whether a route is enabled.

                • name required - string

                  The name of the route. The name can only include alphanumeric characters, periods, underscores, hyphens, has a maximum length of 64 characters, and must be unique.

                • source required - string

                  The source that the routing rule is to be applied to, such as DeviceMessages.

        • storageEndpoints optional - undefined

          The list of Azure Storage endpoints where you can upload files. Currently you can configure only one Azure Storage account and that MUST have its key as $default. Specifying more than one storage account causes an error to be thrown. Not specifying a value for this property when the enableFileUploadNotifications property is set to True, causes an error to be thrown.

    • sku required
    • tags optional - string

      The resource tags.

    • type required - string

    >> from Azure Resource Manager Documentation

    The Other Related Azure IoT Hub Resources

    Frequently asked questions

    What is Azure IoT Hub Iothub?

    Azure IoT Hub Iothub is a resource for IoT Hub of Microsoft Azure. Settings can be wrote in Terraform.

    Where can I find the example code for the Azure IoT Hub Iothub?

    For Terraform, the prashant101386/devops, finn-wa-log-cabin/lc-devops-terraform and Manuss20/trackmverse source code examples are useful. See the Terraform Example section for further details.

    For Azure Resource Manager, the solliancenet/azure-synapse-in-a-day-demos, niallermoran/SmartHVACDemo and Moisesjoel/Primer-proyecto source code examples are useful. See the Azure Resource Manager Example section for further details.

    security-icon

    Automate config file reviews on your commits

    Fix issues in your infrastructure as code with auto-generated patches.

    Table of Contents