bitrockteam/caravan-infra-azure

Evaluate usage of User Managed Identities for instances

Closed this issue · 0 comments

At the moment we are using System Assigned service principals for instances. This has the major drawback that once an instance is destroyed and recreated, the assigned identity changes, and as such we need to rerun caravan-platform in order to account for the new IDs.

Using User Managed Identities for instances should avoid this issue. Azure allows having SystemAssigned + UserManagedIdentities on the same compute instance, but this might cause problems during automated operations like Vault Unseal or Agents Auto Auth. We should always rely on only one of the two.

Let's try switching to UMI and check that the process works fine.
Low effort.
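The switch described in the issue, as an added Terraform illustration that is not caravan-infra-azure's own code: a user-assigned identity is created once, the role assignment is bound to its `principal_id` (which survives VM destroy/recreate, unlike a system-assigned principal), and each VM gets only that identity. Resource names, the resource group, the Key Vault, the network interface, the image and the `Key Vault Crypto User` role are assumptions for the example; caravan-platform's actual role bindings are not shown.

```hcl
# Added example, not code from the caravan-infra-azure repository.
# Resource names and referenced resources (resource group, key vault,
# network interfaces) are assumed to exist elsewhere in the configuration.

# One identity, created independently of any VM lifecycle.
resource "azurerm_user_assigned_identity" "caravan" {
  name                = "caravan-vm-identity"
  resource_group_name = azurerm_resource_group.caravan.name
  location            = azurerm_resource_group.caravan.location
}

# Bind permissions to the identity's principal_id, not to a VM's
# system-assigned principal. Recreating a VM does not change this value,
# so the binding never has to be re-applied after an instance is replaced.
resource "azurerm_role_assignment" "caravan_kv_unseal" {
  scope                = azurerm_key_vault.caravan.id
  role_definition_name = "Key Vault Crypto User" # assumed role for auto-unseal key operations
  principal_id         = azurerm_user_assigned_identity.caravan.principal_id
}

resource "azurerm_linux_virtual_machine" "vault" {
  count                 = 3
  name                  = "vault-${count.index}"
  resource_group_name   = azurerm_resource_group.caravan.name
  location              = azurerm_resource_group.caravan.location
  size                  = "Standard_B2s"
  admin_username        = "caravan"
  network_interface_ids = [azurerm_network_interface.vault[count.index].id]

  admin_ssh_key {
    username   = "caravan"
    public_key = file("~/.ssh/id_rsa.pub") # assumed key path
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-focal"
    sku       = "20_04-lts"
    version   = "latest"
  }

  identity {
    # Only the user-assigned identity. Do not use "SystemAssigned, UserAssigned":
    # with both present, an IMDS token request that does not pass a client_id
    # is served by the system-assigned identity, so a Vault auto-unseal or agent
    # auto-auth call that omits client_id would authenticate as the wrong (and
    # non-stable) principal.
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.caravan.id]
  }
}

# Expose the stable identifiers consumers (e.g. a Vault auth role or a
# Key Vault policy) should be configured with, instead of per-VM principal IDs.
output "caravan_identity_principal_id" {
  value = azurerm_user_assigned_identity.caravan.principal_id
}

output "caravan_identity_client_id" {
  value = azurerm_user_assigned_identity.caravan.client_id
}
```

The check that matters after `terraform apply` is to taint and recreate one VM and confirm that `caravan_identity_principal_id` is unchanged and that the VM can still obtain a token from IMDS for the Key Vault resource without any re-run of caravan-platform; if any consumer is configured with a `client_id`, it must be the user-assigned identity's `client_id` from the output above.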