MSI (Managed Service Identity, aka Managed Identity) for Azure resources provides Azure services with an automatically managed identity in Azure AD. You can use this identity to authenticate to any service that supports Azure AD authentication without having any credentials in your code.
Please note that your application must run on a VM (Virtual Machine) or on App Service in Azure for MSI to be supported. Choose either one.
Note: When using Managed Identity, creating a resource group automatically is not supported, and the resource group should be assigned at least the `Contributor` role.
- Create a VM in the Azure portal. Please refer to Create a Windows virtual machine in the Azure portal or Create a Linux virtual machine in the Azure portal. Choose either one according to your needs.
- Create a user-assigned identity in the Azure portal. Please refer to Create a user-assigned managed identity.
- Assign the user-assigned identity to the VM. Please refer to Assign an user-assigned managed identity to an existing VM.
- Create a managed identity for App Service.
  - If you choose system-assigned identity, follow Adding a system assigned identity.
  - If you choose user-assigned identity, follow Adding a user assigned identity.
- Resource Group: assign the `Reader` role to the managed identity. See Add or remove Azure role assignments to add the role assignment for the resource group.
- Run `mvn azure-webapp:config` to configure the App Service; check the Maven plugin in pom.xml.
- Run `mvn clean package azure-webapp:deploy` to deploy to Azure App Service. Please see Create a app on Azure App Service.
For descriptions of the different built-in roles, please see Built-in role descriptions.
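The identity and role-assignment steps above can also be scripted with the Azure CLI instead of the portal. This is an added example, not part of the original page: it assumes `az` is installed and logged in, and the function names and all resource names are placeholders.

```shell
#!/bin/sh
# Added example: az CLI equivalent of the portal steps (user-assigned identity on a VM).
# Function names and resource names are illustrative placeholders.
set -eu

# Print the ARM id of a resource group; used as the narrowest scope for the role.
rg_scope() (
  az group show --name "$1" --query id --output tsv
)

# Create a user-assigned identity and attach it to an existing VM.
# Prints the identity's principal (object) id.
# usage: attach_identity <resource-group> <identity-name> <vm-name>
attach_identity() (
  rg=$1; name=$2; vm=$3
  id=$(az identity create --resource-group "$rg" --name "$name" --query id --output tsv)
  az vm identity assign --resource-group "$rg" --name "$vm" --identities "$id" >/dev/null
  az identity show --resource-group "$rg" --name "$name" --query principalId --output tsv
)

# Grant one built-in role to the identity, scoped to the resource group only
# (not the subscription), then read the assignment back to confirm it.
# usage: grant_role <principal-id> <resource-group> [role]   (role defaults to Reader)
grant_role() (
  principal=$1
  scope=$(rg_scope "$2")
  role=${3:-Reader}
  az role assignment create --assignee-object-id "$principal" \
    --assignee-principal-type ServicePrincipal \
    --role "$role" --scope "$scope" >/dev/null
  # Prints the role names the identity holds at this scope.
  az role assignment list --assignee "$principal" --scope "$scope" \
    --query "[].roleDefinitionName" --output tsv
)

# Runs only when called as: ./msi-setup.sh <resource-group> <identity-name> <vm-name>
if [ "$#" -eq 3 ]; then
  pid=$(attach_identity "$1" "$2" "$3")
  grant_role "$pid" "$1" Reader
fi
```

Passing the resource group id as `--scope` keeps the grant from applying subscription-wide; the final `list` call shows what the identity actually holds at that scope.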