deploying azure function app that uses a system assigned managed identity
Question
We have an azure function app that uses a system assigned managed identity to access resources.
I have not found a way to use this system assigned identity when deploying the function app via devops. eg
- deploy the function app.
- enable the system assigned identity.
- grant function app access to key vault with the system assigned managed identity.
is this a case where the system assigned identity simply does not work and i need to create one manually ?
1 answers
solution1
0 ACCPTED 2022-06-22 03:32:37
First of all, if you want to deploy the function app via DevOps using managed identity created by the azure function, the answer is no .
See here:
You are required to use a self-hosted agent on an Azure VM in order to use managed service identity.
Follow the steps above if you want to use manage identity to integrate with DevOps.
A system-assigned managed identity is enabled directly on an Azure service instance. When the identity is enabled in your azure function app service instance, Azure creates an identity for the azure function app instance in the Azure AD tenant that's trusted by the subscription of the instance. After the identity is created, the credentials are provisioned onto the azure function app instance.
You can find it in Enterprise applications of AAD.
This application has nothing to do with the credentials required to deploy azure functions from DevOps.
The managed identity you create with the 'enable' button is mainly used to manage the access rights of the azure function app instance to other service instances in azure.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.