How to get Principal Id in app service using Arm template?
Question
Hi I am writing ARM templates to deploy my app service. I want to create system identity in my arm template. In app service arm template section I have below code.
"identity": {
"principalId": "[reference(variables('identity_resource_id'), '2017-12-01', 'Full').identity.principalId]",
"tenantId": "[parameters('tenantId')]",
"type": "SystemAssigned"
}
Then in variable section I added
"appServiceNameFrontEnd": "[concat(variables('defaultConvention'),'03-','FrontEnd')]"
"identity_resource_id": "[concat(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '/providers/Microsoft.ManagedIdentity/Identities/default')]"
Whenever I tried to run this I get below error
##[error]Deployment template validation failed: 'The template resource 'FrontEnd' at line '1' and column '10436' is not valid: The template function 'reference' is not expected at this location. Please see https://aka.ms/arm-template-expressions for usage details..
Can someone help me how can I get system assigned identity? Any help would be greatly appreciated. Thank you
1 answers
solution1
5 ACCPTED 2020-07-28 06:08:42
You can't specify the id for the system-assigned identity. The valid template is:
"identity": {
"type": "SystemAssigned"
}
The tenantId will be the tenant linked to the subscription always. If you need that elsewhere, you can use [subscription().tenantId] . To access the objectId of the system-assigned identity elsewhere, you can use eg:
"objectId": "[reference(resourceId('Microsoft.Web/sites', variables('appServiceNameFrontEnd')), '2016-08-01', 'Full').identity.principalId]",
(do remember to specify the App Service as a dependency on the resource so that it is only deployed once the App Service has been deployed)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.