az iot ops asset endpoint create

Note

This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.53.0 or higher). The extension will automatically install the first time you run an az iot ops asset endpoint create command. Learn more about extensions.

Command group 'iot ops' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create asset endpoint profiles.

Commands

Name Description Type Status
az iot ops asset endpoint create opcua

Create an asset endpoint profile with an OPCUA connector.

Extension Preview

az iot ops asset endpoint create opcua

Preview

Command group 'iot ops' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create an asset endpoint profile with an OPCUA connector.

Azure IoT OPC UA Connector (preview) uses the same client certificate for all secure channels between itself and the OPC UA servers that it connects to.

For OPC UA connector arguments, a value of -1 means that parameter will not be used (ex: --session-reconnect-backoff -1 means that no exponential backoff should be used). A value of 0 means use the fastest practical rate (ex: --default-sampling-int 0 means use the fastest sampling interval possible for the server).

For more information on how to create an OPCUA connector, please see aka.ms/opcua-quickstart.

az iot ops asset endpoint create opcua --instance
                                       --name
                                       --resource-group
                                       --ta
                                       [--accept-untrusted-certs {false, true}]
                                       [--app]
                                       [--cert-ref]
                                       [--default-publishing-int]
                                       [--default-queue-size]
                                       [--default-sampling-int]
                                       [--ig]
                                       [--instance-subscription]
                                       [--ka]
                                       [--location]
                                       [--password-ref]
                                       [--rad {false, true}]
                                       [--security-mode {none, sign, signAndEncrypt}]
                                       [--security-policy {Aes128_Sha256_RsaOaep, Aes256_Sha256_RsaPss, Basic128Rsa15, Basic256, Basic256Sha256, none}]
                                       [--session-keep-alive]
                                       [--session-reconnect-backoff]
                                       [--session-reconnect-period]
                                       [--session-timeout]
                                       [--slt]
                                       [--smi]
                                       [--tags]
                                       [--ur]

Examples

Create an asset endpoint with anonymous user authentication using the given instance in the same resource group.

az iot ops asset endpoint create opcua --name myprofile -g myresourcegroup --instance myinstance --target-address opc.tcp://opcplc-000000:50000

Create an asset endpoint with anonymous user authentication using the given instance in a different resource group but same subscription. Note that the Digital Operations Experience may not display the asset endpoint profile if it is in a different subscription from the instance.

az iot ops asset endpoint create opcua --name myprofile -g myresourcegroup --instance myinstance --instance-resource-group myinstanceresourcegroup --target-address opc.tcp://opcplc-000000:50000

Create an asset endpoint with username-password user authentication using the given instance in the same resource group.

az iot ops asset endpoint create opcua --name myprofile -g myresourcegroup --instance myinstance --target-address opc.tcp://opcplc-000000:50000 --username-ref myusername --password-ref mypassword

Create an asset endpoint with certificate user authentication using the given given instance in the same resource group.

az iot ops asset endpoint create opcua --name myprofile -g myresourcegroup --instance myinstance --target-address opc.tcp://opcplc-000000:50000 --certificate-ref mycertificate.pem

Create an asset endpoint with anonymous user authentication and recommended values for the OPCUA configuration using the given instance in the same resource group. Note that for successfully using the connector, you will need to have the OPC PLC service deployed and the target address must point to the service. If the OPC PLC service is in the same cluster and namespace as IoT Ops, the target address should be formatted as `opc.tcp://{opc-plc-service-name}:{service-port}` If the OPC PLC service is in the same cluster but different namespace as IoT Ops, include the service namespace like so `opc.tcp://{opc-plc-service-name}.{service-namespace}:{service-port}` For more information, please see aka.ms/opcua-quickstart

az iot ops asset endpoint create opcua --name myprofile -g myresourcegroup --instance myinstance --target-address opc.tcp://opcplc-000000:50000 --accept-untrusted-certs --application myopcuaconnector --default-publishing-int 1000 --default-queue-size 1 --default-sampling-int 1000 --keep-alive 10000 --run-asset-discovery --security-mode sign --security-policy Basic256 --session-keep-alive 10000 --session-reconnect-backoff 10000 --session-reconnect-period 2000 --session-timeout 60000 --subscription-life-time 60000 --subscription-max-items 1000

Required Parameters

--instance

Instance name to associate the created asset with.

--name -n

Asset Endpoint Profile name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--ta --target-address

Target Address. Must be a valid local address that follows the opc.tcp protocol.

Optional Parameters

--accept-untrusted-certs --auc

Flag to enable auto accept untrusted server certificates.

Accepted values: false, true
--app --application

Application name. Will be used as the subject for any certificates generated by the connector.

--cert-ref --certificate-ref --cr

Reference for the certificate used in authentication. This method of user authentication is not supported yet.

--default-publishing-int --dpi

Default publishing interval in milliseconds. Minimum: -1. Recommended: 1000.

--default-queue-size --dqs

Default queue size. Minimum: 0. Recommended: 1.

--default-sampling-int --dsi

Default sampling interval in milliseconds. Minimum: -1. Recommended: 1000.

--ig --instance-resource-group

Instance resource group. If not provided, asset endpoint profile resource group will be used.

--instance-subscription --is
Deprecated

Argument 'instance_subscription' has been deprecated and will be removed in a future release.

Instance subscription id. If not provided, asset endpoint profile subscription id will be used.

--ka --keep-alive

Time in milliseconds after which a keep alive publish response is sent. Minimum: 0. Recommended: 10000.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--password-ref --pr

Reference for the password used in authentication.

--rad --run-asset-discovery

Flag to determine if asset discovery should be run.

Accepted values: false, true
--security-mode --sm

Security mode.

Accepted values: none, sign, signAndEncrypt
--security-policy --sp

Security policy.

Accepted values: Aes128_Sha256_RsaOaep, Aes256_Sha256_RsaPss, Basic128Rsa15, Basic256, Basic256Sha256, none
--session-keep-alive --ska

Time in milliseconds after which a session keep alive challenge is sent to detect connection issues. Minimum: 0. Recommended: 10000.

--session-reconnect-backoff --srb

Session reconnect exponential back off in milliseconds. Minimum: -1. Recommended: 10000.

--session-reconnect-period --srp

Session reconnect period in milliseconds. Minimum: 0. Recommended: 2000.

--session-timeout --st

Session timeout in milliseconds. Minimum: 0. Recommended: 60000.

--slt --subscription-life-time

Life time in milliseconds of the items created by the connector for the subscription. Minimum: 0. Recommended: 60000.

--smi --subscription-max-items

Maximum number of items that the connector can create for the subscription. Minimum: 1. Recommended: 1000.

--tags

Asset Endpoint Profile resource tags. Property bag in key-value pairs with the following format: a=b c=d.

--ur --username-reference

Reference for the username used in authentication.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.