Notes on Azure Managed Identities
Concept
An Azure resource can have two kinds of managed identity: a system-assigned identity and one or more user-assigned identities (a single resource can carry both).
To give an example, suppose you have a web app that needs to connect to an Azure SQL server. You can enable a system-assigned identity on the web app, then go to the SQL server and grant that identity the role it needs (least privilege: a role scoped to what the app actually does, rather than a broad role such as Contributor). Now suppose several web apps need access to the same SQL server. Instead of granting each web app's system-assigned identity access separately, you can create one user-assigned identity, attach it to all of the web apps, and grant that single identity access to the SQL server.
System-assigned: tied to exactly one Azure resource (e.g. a Virtual Machine or a Logic App) and created and deleted together with it. User-assigned: a stand-alone Azure resource that can be attached to many resources and outlives any one of them.
A user-assigned identity therefore lives in a resource group like any other resource; a system-assigned identity has no resource of its own and simply shares its parent's lifecycle.
Why use managed identities
- No manual credential management: the platform issues the credential and rotates it automatically.
- No overhead for key rotation.
- No credentials stored in configuration files or source code.
- Easy authentication to any Azure service that supports Azure AD (Microsoft Entra ID) authentication.
- Access is granted by assigning an RBAC role (or a service-level role) to the managed identity, scoped as narrowly as the workload needs.
Primary Use Case
As a dev, I want to build an application on Azure that accesses other Azure resources without having to manage credentials.
For example, an Azure App Service app that reads from Azure Storage: the app's managed identity is granted a role on the storage account, and at runtime the app asks the platform for a token instead of holding a storage key or connection string in its configuration.
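As an added example (not part of the original notes, and not Azure SDK code), the following Python shows what "no credentials to manage" looks like from the app's side, covering both the concept above and this use case. The code asks the platform's local identity endpoint for a token for the target resource: App Service and Functions expose it through the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables, while on a VM it is the Instance Metadata Service (IMDS) at 169.254.169.254. It optionally selects a user-assigned identity by client_id (required when a resource carries several), checks the token's expiry and audience, and builds the bearer-authenticated request to Storage. Only the standard library is used; the storage account name, container, client ID and the sample token response are constructed placeholders. In production the azure-identity package's ManagedIdentityCredential does the same work for you.

```python
"""Acquire and inspect an Azure managed identity token with the standard library only."""
import base64
import json
import os
import time
import urllib.parse
import urllib.request

# Fixed link-local IMDS endpoint used on Azure VMs / VM scale sets.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION_APP_SERVICE = "2019-08-01"   # App Service / Functions identity endpoint
API_VERSION_IMDS = "2018-02-01"          # IMDS identity endpoint


def build_token_request(resource, env=None, client_id=None):
    """Return (url, headers) for a managed identity token request.

    resource  -- the audience, e.g. "https://storage.azure.com/".
    client_id -- client ID of a user-assigned identity; omit it to use the
                 system-assigned identity. Required when the resource has
                 more than one user-assigned identity attached.
    """
    env = os.environ if env is None else env
    params = {"resource": resource}
    if client_id:
        params["client_id"] = client_id
    if "IDENTITY_ENDPOINT" in env and "IDENTITY_HEADER" in env:
        params["api-version"] = API_VERSION_APP_SERVICE
        url = env["IDENTITY_ENDPOINT"] + "?" + urllib.parse.urlencode(params)
        # Per-process secret header: a request that cannot set headers
        # (e.g. a plain SSRF through the app) does not get a token.
        headers = {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}
    else:
        params["api-version"] = API_VERSION_IMDS
        url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
        # IMDS rejects requests without this header for the same reason.
        headers = {"Metadata": "true"}
    return url, headers


def parse_token_response(body, now=None):
    """Parse the endpoint's JSON reply; raise ValueError if no usable token.

    Assumes the api-versions above, which return expires_on as epoch seconds.
    """
    now = time.time() if now is None else now
    data = json.loads(body)
    token = data.get("access_token")
    if not token:
        raise ValueError("no access_token in response: %s" % data.get("error", "unknown"))
    expires_on = int(data["expires_on"])
    if expires_on <= now:
        raise ValueError("token already expired")
    return {"access_token": token, "expires_on": expires_on,
            "resource": data.get("resource")}


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature.

    Useful for local inspection of aud/oid/exp; never use it to make
    authorization decisions, which belong to the resource server.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def get_token(resource, client_id=None, timeout=5):
    """Fetch a token from the live identity endpoint (only works on Azure)."""
    url, headers = build_token_request(resource, client_id=client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read().decode())


def list_blobs_request(account, container, token):
    """Build the Storage REST request; the managed identity token is the bearer credential."""
    url = f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"
    return urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token["access_token"],
        "x-ms-version": "2020-10-02",
    })


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample (not a real token): the shape of an endpoint reply,
# with an unsigned JWT whose audience is the Storage resource URI.
_SAMPLE_EXPIRES = 1_700_003_600
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"aud": "https://storage.azure.com/",
                        "oid": "00000000-0000-0000-0000-000000000000",
                        "exp": _SAMPLE_EXPIRES}).encode()),
    "fake-signature",
])
SAMPLE_RESPONSE = json.dumps({"access_token": SAMPLE_TOKEN, "expires_on": str(_SAMPLE_EXPIRES),
                              "resource": "https://storage.azure.com/", "token_type": "Bearer"})

if __name__ == "__main__":
    # Offline demo; on App Service or a VM, use get_token("https://storage.azure.com/").
    tok = parse_token_response(SAMPLE_RESPONSE, now=1_700_000_000)
    print("aud:", decode_claims(tok["access_token"])["aud"])
    print(list_blobs_request("examplestorageacct", "examplecontainer", tok).full_url)
```

The two header requirements (X-IDENTITY-HEADER on App Service, Metadata: true on IMDS) exist so that a request forged through the app that cannot control headers is refused; any code that does run on the host can still call the endpoint, which is why the identity should hold only the role the workload needs. Check the decoded aud against the resource you asked for: a token for the wrong audience is rejected by the target service and usually means the wrong resource URI was passed.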