Share via


az iot ops identity

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.53.0 or higher). The extension will automatically install the first time you run an az iot ops identity command. Learn more about extensions.

Instance identity management.

Commands

Name Description Type Status
az iot ops identity assign

Assign a user-assigned managed identity with the instance.

Extension GA
az iot ops identity remove

Remove a user-assigned managed identity from the instance.

Extension GA
az iot ops identity show

Show the instance identities.

Extension GA

az iot ops identity assign

Assign a user-assigned managed identity with the instance.

This operation includes federation of the identity.

az iot ops identity assign --mi-user-assigned
                           --name
                           --resource-group
                           [--fc]
                           [--self-hosted-issuer {false, true}]
                           [--usage {dataflow}]

Examples

Assign and federate a desired user-assigned managed identity.

az iot ops identity assign --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID

Required Parameters

--mi-user-assigned

The resource Id for the desired user-assigned managed identity to use with the instance.

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--fc

The federated credential name.

--self-hosted-issuer

Use the self-hosted oidc issuer for federation.

Accepted values: false, true
--usage

Indicates the usage type of the associated identity.

Accepted values: dataflow
Default value: dataflow
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops identity remove

Remove a user-assigned managed identity from the instance.

az iot ops identity remove --mi-user-assigned
                           --name
                           --resource-group
                           [--fc]

Examples

Remove the desired user-assigned managed identity from the instance.

az iot ops identity remove --name myinstance -g myresourcegroup --mi-user-assigned $UA_MI_RESOURCE_ID

Required Parameters

--mi-user-assigned

The resource Id for the desired user-assigned managed identity to use with the instance.

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--fc

The federated credential name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot ops identity show

Show the instance identities.

az iot ops identity show --name
                         --resource-group

Examples

Show the identities associated with the target instance.

az iot ops identity show --name myinstance -g myresourcegroup

Required Parameters

--name -n

IoT Operations instance name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.