hashicorp · HanaSheto27 · Oct 6, 2025 · Oct 6, 2025 · Oct 7, 2025 · Oct 20, 2025
@@ -182,6 +182,9 @@ service/iot-central:
 service/iot-hub:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_iothub((.|\n)*)###'
 
+service/iot-operations:
+  - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_iotoperations_((.|\n)*)###'
+
 service/key-vault:
   - '### (|New or )Affected Resource\(s\)\/Data Source\(s\)((.|\n)*)azurerm_(key_vault\W+|key_vault_access_policy\W+|key_vault_certificate\W+|key_vault_certificate_contacts\W+|key_vault_certificate_data\W+|key_vault_certificate_issuer\W+|key_vault_certificates\W+|key_vault_encrypted_value\W+|key_vault_key\W+|key_vault_managed_storage_account\W+|key_vault_managed_storage_account_sas_token_definition\W+|key_vault_secret\W+|key_vault_secrets\W+)((.|\n)*)###'
 

@@ -304,6 +304,11 @@ service/iot-hub:
   - any-glob-to-any-file:
     - internal/services/iothub/**/*
 
+service/iot-operations:
+- changed-files:
+  - any-glob-to-any-file:
+    - internal/services/iotoperations/**/*
+
 service/key-vault:
 - changed-files:
   - any-glob-to-any-file:

@@ -65,6 +65,7 @@ var services = mapOf(
         "hybridcompute" to "Hybrid Compute",
         "iotcentral" to "IoT Central",
         "iothub" to "IoT Hub",
+        "iotoperations" to "IoT Operations",
         "keyvault" to "KeyVault",
         "kusto" to "Kusto",
         "legacy" to "Legacy",

@@ -0,0 +1,75 @@
+# IoT Operations Broker
+
+This example shows how to create an Azure IoT Operations broker using Terraform.
+
+## Prerequisites
+
+Before running this example, you need:
+
+1. **Azure CLI** installed and authenticated
+2. **Terraform** 1.6 or later
+3. **Existing Resource Group** in Azure
+4. **Existing IoT Operations Instance**
+5. **Arc-enabled Kubernetes cluster** with a Custom Location
+
+## Usage
+
+### Step 1: Set Variables
+
+Create a `terraform.tfvars` file:
+
+```hcl
+# Prefix for resource naming
+prefix = "mycompany"
+
+# Existing Resource Group
+resource_group_name = "existing-resource-group-name"
+
+# Existing IoT Operations Instance
+instance_name = "existing-iotoperations-instance"
+
+# Custom Location (Arc-enabled Kubernetes cluster)
+custom_location_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.ExtendedLocation/customLocations/example-location"
+```
+
+### Step 2: Deploy
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+## Variables
+
+| Name | Description | Type | Required |
+|------|-------------|------|----------|
+| `prefix` | Prefix for resource naming | `string` | yes |
+| `resource_group_name` | Name of existing resource group | `string` | yes |
+| `instance_name` | Name of existing IoT Operations instance | `string` | yes |
+| `custom_location_id` | ARM ID of Custom Location | `string` | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| `iotoperations_broker_id` | ARM resource ID of the IoT Operations broker |
+
+## Architecture
+
+This example creates:
+
+- **IoT Operations Broker** (named `{prefix}-broker`) within an existing IoT Operations instance
+
+The broker requires:
+- An existing Resource Group
+- An existing IoT Operations Instance
+- An Arc-enabled Kubernetes cluster (Custom Location)
+
+## Cleanup
+
+```bash
+terraform destroy
+```
+
+Note: This will only destroy the broker. The IoT Operations instance, resource group, and Custom Location will remain.
@@ -0,0 +1,122 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+terraform {
+  required_version = ">= 1.6"
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.0"
-      version = "~> 3.0"
-      version = "~> 3.0"
+    }
+  }
+}
+provider "azurerm" {
+  features {}
+  subscription_id = "d4ccd08b-0809-446d-a8b7-7af8a90109cd"
-  subscription_id = "d4ccd08b-0809-446d-a8b7-7af8a90109cd"
-  subscription_id = "d4ccd08b-0809-446d-a8b7-7af8a90109cd"
+}
+
+# Use existing resource group
+data "azurerm_resource_group" "example" {
+  name = var.resource_group_name
+}
+
+# IoT Operations broker
+resource "azurerm_iotoperations_broker" "example" {
+  name                = var.broker_name
+  resource_group_name = data.azurerm_resource_group.example.name
+  instance_name       = var.instance_name
+
+  extended_location {
+    name = var.custom_location_id
+    type = "CustomLocation"
+  }
+
+  properties {
+    memory_profile = "Medium"
+
+    cardinality {
+      backend_chain {
+        partitions        = 2
+        redundancy_factor = 1
+        workers          = 1
+      }
+
+      frontend {
+        replicas = 2
+        workers  = 1
+      }
+    }
+
+    advanced {
+      encrypt_internal_traffic = "Enabled"
+
+      clients {
+        max_session_expiry_seconds = 3600
+        max_message_expiry_seconds = 3600
+        max_packet_size_bytes      = 1048576
+        max_receive_maximum        = 100
+        max_keep_alive_seconds     = 3600
+
+        subscriber_queue_limit {
+          length   = 1000
+          strategy = "DropOldest"
+        }
+      }
+
+      internal_certs {
+        duration     = "8760h"
+        renew_before = "720h"
+
+        private_key {
+          algorithm       = "RSA"
+          rotation_policy = "Always"
+        }
+      }
+    }
+
+    diagnostics {
+      logs {
+        level = "info"
+      }
+
+      metrics {
+        prometheus_port = 9090
+      }
+
+      self_check {
+        mode             = "Enabled"
+        interval_seconds = 30
+        timeout_seconds  = 15
+      }
+
+      traces {
+        mode                 = "Enabled"
+        cache_size_megabytes = 16
+        span_channel_capacity = 1000
+
+        self_tracing {
+          mode             = "Enabled"
+          interval_seconds = 30
+        }
+      }
+    }
+
+    disk_backed_message_buffer {
+      max_size = "1Gi"
+
+      ephemeral_volume_claim_spec {
+        access_modes = ["ReadWriteOnce"]
+
+        resources {
+          requests = {
+            "storage" = "1Gi"
+          }
+        }
+      }
+    }
+
+    generate_resource_limits {
+      cpu = "Enabled"
+    }
+  }
+}
@@ -0,0 +1,7 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+output "iotoperations_broker_id" {
+  description = "The ARM resource ID of the IoT Operations broker"
+  value       = azurerm_iotoperations_broker.example.id
+}
@@ -0,0 +1,17 @@
+# Example terraform.tfvars file
+# Copy this to terraform.tfvars and update with your values
+
+# Prefix for resource naming
+prefix = "example"
+
+# Existing Resource Group
+resource_group_name = "existing-resource-group-name"
+
+# Existing IoT Operations Instance
+instance_name = "existing-iotoperations-instance"
+
+# IoT Operations Broker Name
+broker_name = "example-broker"
+
+# Custom Location (Arc-enabled Kubernetes cluster)
+custom_location_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg/providers/Microsoft.ExtendedLocation/customLocations/example-location"
@@ -0,0 +1,27 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+variable "prefix" {
+  description = "The prefix used for all resources in this example"
+  type        = string
+}
+
+variable "resource_group_name" {
+  description = "The name of an existing resource group where resources will be created"
+  type        = string
+}
+
+variable "instance_name" {
+  description = "The name of the existing IoT Operations instance"
+  type        = string
+}
+
+variable "custom_location_id" {
+  description = "The ARM resource ID of the Custom Location (Arc-enabled Kubernetes cluster)"
+  type        = string
+}
+
+variable "broker_name" {
+  description = "The name of the IoT Operations broker"
+  type        = string
+}
@@ -0,0 +1,85 @@
+# IoT Operations Broker Authentication
+
+This example shows how to create an Azure IoT Operations broker authentication using Terraform.
+
+## Prerequisites
+
+Before running this example, you need:
+
+1. **Azure CLI** installed and authenticated
+2. **Terraform** 1.6 or later
+3. **Existing Resource Group** in Azure
+4. **Existing IoT Operations Instance**
+5. **Existing IoT Operations Broker**
+
+## Usage
+
+### Step 1: Set Variables
+
+Create a `terraform.tfvars` file:
+
+```hcl
+# Prefix for resource naming
+prefix = "mycompany"
+
+# Existing Resource Group
+resource_group_name = "existing-resource-group-name"
+
+# Existing IoT Operations Instance
+instance_name = "existing-iotoperations-instance"
+
+# Existing IoT Operations Broker
+broker_name = "existing-iotoperations-broker"
+
+# Authentication audience (optional)
+audience = "aio-internal"
+```
+
+### Step 2: Deploy
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+## Variables
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|----------|
+| `prefix` | Prefix for resource naming | `string` | n/a | yes |
+| `resource_group_name` | Name of existing resource group | `string` | n/a | yes |
+| `instance_name` | Name of existing IoT Operations instance | `string` | n/a | yes |
+| `broker_name` | Name of existing IoT Operations broker | `string` | n/a | yes |
+| `audience` | Authentication audience | `string` | `"aio-internal"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| `iotoperations_broker_authentication_id` | ARM resource ID of the IoT Operations broker authentication |
+
+## Architecture
+
+This example creates:
+
+- **IoT Operations Broker Authentication** (named `{prefix}-broker-auth`) within an existing IoT Operations broker
+
+The broker authentication requires:
+- An existing Resource Group
+- An existing IoT Operations Instance
+- An existing IoT Operations Broker
+
+## Authentication Methods
+
+The example configures:
+- **ServiceAccountToken** authentication method
+- **Custom settings** with audience configuration
+
+## Cleanup
+
+```bash
+terraform destroy
+```
+
+Note: This will only destroy the broker authentication. The broker, IoT Operations instance, and resource group will remain.