Channels
#azure
Title
# azure
a
abundant-knife-92318
09/20/2023, 11:42 AMAre there any good guides or example around that show how to work with managed identity and Azure Native? For example, showing how to allow an Azure Web App to access a Storage Account and a Redis Cache via User Assigned Managed Identity?
w
worried-knife-31967
09/20/2023, 4:33 PMIt should be as simple as enabling the system managed identity, taking that identity ID from the output and adding the identity to the roles.
There's a separate resource for role assignment.
https://github.com/martinjt/aks-otel-demo/blob/main/infra/AKSCluster.cs#L99
That's an example of taking the system managed identity out of the AKS cluster and granting it DNS Contributor roles.
a
abundant-knife-92318
09/21/2023, 2:00 PMMagic, thanks @worried-knife-31967
I ended up doing something a little different. I'm creating a User Assigned Identity rather than using the System Assigned Identity of a resource...
Copy code
var identity = new UserAssignedIdentity(NameGenerator.ManagedIdentity("marketplace"), new UserAssignedIdentityArgs
{
ResourceGroupName = resourceGroup.Name
}); Copy code
var roleAssignment = new RoleAssignment("storageAccountRoleAssignment", new RoleAssignmentArgs
{
PrincipalId = identity.PrincipalId.Apply(x => x),
RoleDefinitionId = RoleDefinitions.StorageAccountContributor,
Scope = Resource.Id,
PrincipalType = PrincipalType.ServicePrincipal
});w
worried-knife-31967
09/21/2023, 2:08 PMUser Assigned can be useful, especially if you have a fleet of services that need the same access, that way, you can add them to groups, but you can do that with system managed too.
User Assigned will also live beyond the appservice, so you can replace it easier.