Azure/azvmimagebuilder

Enable Managed Identity on staging VM

Antiohne opened this issue · 1 comment

Azure Image Builder requires you to create an Azure user-assigned managed identity. The Azure Image Builder uses the user-assigned managed identity to read images, write images, and access Azure storage accounts. You grant the identity permission to do specific actions in your subscription.

It would be nice if the user-assigned managed identity were also enabled on the staging VM, for example for retrieving secrets from an Azure Key Vault instance from within a PowerShell script.

According to the reaction of @danielsollondon on this similar request, this feature is on a backlog of the product team. After September 2020 there were no more updates about this item.

Hello Antiohne,

It's now possible to do this:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/image-builder-json#user-assigned-identity-for-the-image-builder-build-vm

Take care with the right you'll have to add to your identity: "Managed Identity Operator".
For me, just adding "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action" to the custom role was enough.

;)
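The configuration the reply points to, written out as an added illustration (not from this thread or the azvmimagebuilder project): the `vmProfile.userAssignedIdentities` property from the linked docs, placed beside a custom role carrying only the assign action mentioned above. The API version, resource names, placeholders and `_note` keys are assumptions, and the two halves are grouped in one document for reading only; they would be deployed separately.

```json
{
  "_note": "Added example. <subscription-id>, <rg> and the identity names are placeholders.",
  "_note_identity": "The builder identity is what Image Builder runs as: it reads sources, writes images and touches storage.",
  "_note_vmProfile": "The build VM identity is attached to the staging VM so customizer scripts can fetch Key Vault secrets through IMDS. Keep it separate from the builder identity and grant it only the vault permissions the script needs.",
  "imageTemplate": {
    "type": "Microsoft.VirtualMachineImages/imageTemplates",
    "apiVersion": "2022-02-14",
    "location": "westeurope",
    "identity": {
      "type": "UserAssigned",
      "userAssignedIdentities": {
        "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/aib-builder-identity": {}
      }
    },
    "properties": {
      "vmProfile": {
        "vmSize": "Standard_D2_v2",
        "userAssignedIdentities": [
          "/subscriptions/<subscription-id>/resourceGroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/build-vm-identity"
        ]
      }
    }
  },
  "_note_customRole": "Assigned to aib-builder-identity on build-vm-identity. It lets Image Builder attach that one identity to the build VM without the wider built-in Managed Identity Operator role.",
  "customRoleForBuilderIdentity": {
    "Name": "Image Builder Identity Assigner",
    "IsCustom": true,
    "Description": "Allows attaching a user-assigned identity to the Image Builder build VM",
    "Actions": [
      "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
    ],
    "NotActions": [],
    "AssignableScopes": [
      "/subscriptions/<subscription-id>/resourceGroups/<rg>"
    ]
  }
}
```

Because the build VM identity is distinct from the builder identity, a script running on the staging VM can reach only the Key Vault secrets that identity has been granted, and a compromised customizer step does not inherit the builder's image and storage permissions.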