create-managed-identity.md
Overview

MSI (Managed Service Identity, aka Managed Identity) for Azure resources provides Azure services with an automatically managed identity in Azure AD. You can use this identity to authenticate to any service that supports Azure AD authentication without having any credentials in your code.

Set up managed identity

Your application must run in a VM (Virtual Machine) or in App Service on Azure for MSI to be supported. Choose either one.

Note: When using Managed Identity, automatic creation of a resource group is not supported, and the resource group should be assigned at least the Contributor role.

Method 1: Set up VM and assign identity

  1. Create a VM in the Azure portal. Please refer to Create a Windows virtual machine in the Azure portal or Create a Linux virtual machine in the Azure portal. Choose either one according to your needs.

  2. Create a user-assigned identity in the Azure portal. Please refer to Create a user-assigned managed identity.

  3. Assign the user-assigned identity to the VM. Please refer to Assign a user-assigned managed identity to an existing VM.

Method 2: Set up App Service and assign identity

  1. Create a managed identity for App Service.

Add Role Assignment for Resource Group

  1. Resource Group: assign the Reader role to the managed identity. See Add or remove Azure role assignments to add the role assignment for the Resource Group.
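
To confirm that the role assignment above landed at resource group scope and nothing broader, the following added example (not part of the original project) audits role assignment records for one managed identity. The subscription ID, principal ID, resource group name and sample records are constructed placeholders; pass expected_role="Contributor" if you follow the earlier note instead.

```python
import json

# Constructed placeholders (not values from the page).
SUB = "00000000-0000-0000-0000-000000000000"
PRINCIPAL = "11111111-1111-1111-1111-111111111111"

# Constructed sample shaped like `az role assignment list --all --assignee <id> -o json`.
SAMPLE = json.loads("""[
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Example-RG"},
  {"principalId": "11111111-1111-1111-1111-111111111111",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")


def audit(assignments, principal_id, subscription_id, resource_group, expected_role="Reader"):
    """Return (has_expected, findings) for one identity's role assignments."""
    # Azure resource IDs are case-insensitive, so compare scopes in lower case.
    rg_scope = f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}".lower()
    has_expected, findings = False, []
    for a in assignments:
        if a["principalId"].lower() != principal_id.lower():
            continue  # assignment belongs to a different principal
        scope = a["scope"].rstrip("/").lower()
        role = a["roleDefinitionName"]
        if scope == rg_scope and role == expected_role:
            has_expected = True
        elif rg_scope.startswith(scope + "/"):
            # Parent scope (subscription or root): inherited by every resource group under it.
            findings.append(f"{role} granted above the resource group at {a['scope']}")
        else:
            findings.append(f"unexpected assignment: {role} at {a['scope']}")
    return has_expected, findings


if __name__ == "__main__":
    ok, findings = audit(SAMPLE, PRINCIPAL, SUB, "example-rg")
    print("expected role present:", ok)
    for f in findings:
        print("finding:", f)
```
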

Deploy application

  1. Run mvn azure-webapp:config to configure the App Service, then check the Maven plugin in pom.xml.

  2. Run mvn clean package azure-webapp:deploy to deploy to Azure App Service. Please see Create an app on Azure App Service.

For descriptions of the different built-in roles, please see Built-in role descriptions.