Quickstart: Set up the IoT Hub Device Provisioning Service (DPS) with Bicep

Article
03/08/2023

You can use a Bicep file to programmatically set up the Azure cloud resources necessary for provisioning your devices. These steps show how to create an IoT hub and a new IoT Hub Device Provisioning Service instance with a Bicep file. The IoT Hub is also linked to the DPS resource using the Bicep file. This linking allows the DPS resource to assign devices to the hub based on allocation policies you configure.

Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.

This quickstart uses Azure PowerShell, and the Azure CLI to perform the programmatic steps necessary to create a resource group and deploy the Bicep file, but you can easily use .NET, Ruby, or other programming languages to perform these steps and deploy your Bicep file.

Prerequisites

If you don't have an Azure subscription, create an Azure free account before you begin.

Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
- If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
- When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
- Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

If you choose to use Azure PowerShell locally:
- Install the latest version of the Az PowerShell module.
- Connect to your Azure account using the Connect-AzAccount cmdlet.
If you choose to use Azure Cloud Shell:
- See Overview of Azure Cloud Shell for more information.

Review the Bicep file

The Bicep file used in this quickstart is from Azure Quickstart Templates.

Note

Currently there is no Bicep file support for creating enrollments with new DPS resources. This is a common and understood request that is being considered for implementation.

@description('Specify the name of the Iot hub.')
param iotHubName string

@description('Specify the name of the provisioning service.')
param provisioningServiceName string

@description('Specify the location of the resources.')
param location string = resourceGroup().location

@description('The SKU to use for the IoT Hub.')
param skuName string = 'S1'

@description('The number of IoT Hub units.')
param skuUnits int = 1

var iotHubKey = 'iothubowner'

resource iotHub 'Microsoft.Devices/IotHubs@2021-07-02' = {
  name: iotHubName
  location: location
  sku: {
    name: skuName
    capacity: skuUnits
  }
  properties: {}
}

resource provisioningService 'Microsoft.Devices/provisioningServices@2022-02-05' = {
  name: provisioningServiceName
  location: location
  sku: {
    name: skuName
    capacity: skuUnits
  }
  properties: {
    iotHubs: [
      {
        connectionString: 'HostName=${iotHub.properties.hostName};SharedAccessKeyName=${iotHubKey};SharedAccessKey=${iotHub.listkeys().value[0].primaryKey}'
        location: location
      }
    ]
  }
}

Two Azure resources are defined in the Bicep file above:

Microsoft.Devices/iothubs: Creates a new Azure IoT Hub.
Microsoft.Devices/provisioningservices: Creates a new Azure IoT Hub Device Provisioning Service with the new IoT Hub already linked to it.

Save a copy of the Bicep file locally as main.bicep.

Deploy the Bicep file

Sign in to Azure at the command prompt:
- CLI
- PowerShell
```
az login
```
```
Connect-AzAccount
```
Follow the instructions to authenticate using the code and sign in to your Azure account through a web browser.
If you have multiple Azure subscriptions, signing in to Azure grants you access to all the Azure accounts associated with your credentials.
- CLI
- PowerShell
```
az account list -o table
```
```
Get-AzSubscription
```
Use the following command to select the subscription that you want to use to run the commands to create your IoT hub and DPS resources. You can use either the subscription name or ID from the output of the previous command:
- CLI
- PowerShell
```
az account set --subscription {your subscription name or id}
```
```
Set-AzContext -Subscription {your subscription name or id}
```
Deploy the Bicep file with the following commands.
Tip

The commands will prompt for a resource group location. You can view a list of available locations by first running the command:
- CLI
- PowerShell
az account list-locations -o table

Get-AzLocation
- CLI
- PowerShell
```
az group create --name exampleRG --location eastus
az deployment group create --resource-group exampleRG --template-file main.bicep --parameters iotHubName={IoT-Hub-name} provisioningServiceName={DPS-name}
```
```
New-AzResourceGroup -Name exampleRG -Location eastus
New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep -iotHubName "{IoT-Hub-name}" -provisioningServiceName "{DPS-name}"
```
Replace {IoT-Hub-name} with a globally unique IoT Hub name, replace {DPS-name} with a globally unique Device Provisioning Service (DPS) resource name.

It takes a few moments to create the resources.

Review deployed resources

To verify the deployment, run the following command and look for the new provisioning service and IoT hub in the output:
- CLI
- PowerShell
```
 az resource list -g exampleRg
```
```
Get-AzResource -ResourceGroupName exampleRG
```
To verify that the hub is already linked to the DPS resource, run the following command.
- CLI
- PowerShell
```
az iot dps show --name <Your provisioningServiceName>
```
```
Get-AzIoTDeviceProvisioningService -ResourceGroupName exampleRG -Name "{DPS-name}"
```
Notice the hubs that are linked on the iotHubs member.

Clean up resources

Other quickstarts in this collection build upon this quickstart. If you plan to continue on to work with subsequent quickstarts or with the tutorials, don't clean up the resources created in this quickstart. If you don't plan to continue, you can use Azure PowerShell or Azure CLI to delete the resource group and all of its resources.

To delete a resource group and all its resources from the Azure portal, just open the resource group and select Delete resource group and the top.

To delete the resource group deployed:

CLI
PowerShell

az group delete --name exampleRG

Remove-AzResourceGroup -name exampleRG

You can also delete resource groups and individual resources using the Azure portal, PowerShell, or REST APIs, or with supported platform SDKs.

Next steps

In this quickstart, you deployed an IoT hub and a Device Provisioning Service instance, and linked the two resources. To learn how to use this setup to provision a device, continue to the quickstart for creating a device.

Quickstart: Provision a simulated symmetric key device

Share via