Managed Identity¶
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
After creating the identity, create role assignments for the identity's principal ID with the scope set to the target resource's ARM resource ID (the narrowest scope that still works), then assign the identity to the application so the app can request tokens for it and access the resource.
Managed identities provide an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials.
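The token request an application actually makes, as an added example (not from the page or Microsoft's docs): a POSIX shell script that builds the Instance Metadata Service (IMDS) request, shows the App Service variant of the same call, and checks the returned token's audience and expiry before it is used. The endpoint URLs, header names and api-versions are the documented ones; the sample response is constructed with fake IDs and a placeholder signature so the checks run offline, and the helper names are my own.

```shell
#!/bin/sh
# Added example, not from the page: request a token for a managed identity from
# the Azure Instance Metadata Service (IMDS) and check its claims before using it.
# The sample response below is constructed (placeholder signature, fake IDs) so
# the parsing and checks can run offline; helper names are my own.
set -eu

IMDS="http://169.254.169.254/metadata/identity/oauth2/token"

# Percent-encode the characters that appear in an audience URI.
urlencode() { printf '%s' "$1" | sed 's|:|%3A|g; s|/|%2F|g'; }

# Build the IMDS request URL. "resource" is the audience (the API the token is
# for, e.g. https://storage.azure.com/), not the Azure resource being read.
# client_id selects a user-assigned identity when the VM has more than one.
imds_url() {
  url="$IMDS?api-version=2018-02-01&resource=$(urlencode "$1")"
  if [ -n "${2:-}" ]; then url="$url&client_id=$2"; fi
  printf '%s' "$url"
}

# IMDS rejects requests without "Metadata: true", so a plain SSRF that cannot
# set headers cannot turn a URL-fetching bug into a token leak. Returns JSON
# with access_token, expires_on, resource, token_type and client_id.
fetch_token_imds() { curl -sS -H 'Metadata: true' "$(imds_url "$@")"; }

# App Service and Functions do not expose IMDS; they set IDENTITY_ENDPOINT and
# IDENTITY_HEADER, and the header name and api-version differ.
fetch_token_appservice() {
  curl -sS -H "X-IDENTITY-HEADER: $IDENTITY_HEADER" \
    "$IDENTITY_ENDPOINT?api-version=2019-08-01&resource=$(urlencode "$1")"
}

# Minimal JSON string/number extractor for flat objects (no jq dependency).
json_field() {
  printf '%s' "$1" | sed -n 's/.*"'"$2"'": *"\{0,1\}\([^",}]*\)"\{0,1\}.*/\1/p'
}

b64url_decode() {
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
  printf '%s' "$s" | base64 -d
}
jwt_claims() { b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"; }

# Accept the token only if it was issued for the audience we asked for and is
# still valid; on success print the identity's object ID (oid). The platform
# signs the token; the resource receiving it verifies the signature, not us.
check_token() {
  token=$(json_field "$1" access_token)
  claims=$(jwt_claims "$token")
  aud=$(json_field "$claims" aud)
  exp=$(json_field "$claims" exp)
  if [ "$aud" != "$2" ]; then
    echo "audience mismatch: got '$aud', expected '$2'" >&2; return 1
  fi
  if [ "$exp" -le "$(date +%s)" ]; then
    echo "token already expired (exp=$exp)" >&2; return 1
  fi
  json_field "$claims" oid
}

# Constructed sample: the shape of an IMDS response, with a fake token.
b64url_encode() { base64 | tr -d '\n=' | tr '/+' '_-'; }
SAMPLE_CLAIMS='{"aud":"https://storage.azure.com/","iss":"https://sts.windows.net/00000000-0000-0000-0000-000000000000/","exp":4102444800,"oid":"11111111-1111-1111-1111-111111111111","appid":"22222222-2222-2222-2222-222222222222","tid":"00000000-0000-0000-0000-000000000000"}'
SAMPLE_TOKEN="$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode).$(printf '%s' "$SAMPLE_CLAIMS" | b64url_encode).c2lnbmF0dXJl"
SAMPLE_RESPONSE="{\"access_token\":\"$SAMPLE_TOKEN\",\"expires_on\":\"4102444800\",\"resource\":\"https://storage.azure.com/\",\"token_type\":\"Bearer\",\"client_id\":\"22222222-2222-2222-2222-222222222222\"}"

# Real use on a VM: TOKEN_JSON=$(fetch_token_imds https://storage.azure.com/ "$CLIENT_ID")
check_token "$SAMPLE_RESPONSE" "https://storage.azure.com/"
```

Pass the client ID of a user-assigned identity as the second argument of fetch_token_imds; when the resource has only a system-assigned identity it can be omitted. The check stops at audience and expiry because the calling app has no business validating the signature; the resource that receives the bearer token does that against the issuer's keys.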
system and user types¶
- System assigned (1:1): generated by the service; deleted when the parent resource or service is deleted
- User assigned (1:n): created standalone and assigned to services; can be attached to and reused by multiple services
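The setup procedure described above (identity, role assignment scoped to the resource, identity attached to the app), for both identity types, as an added example that is not from the page or Microsoft's docs: an Azure CLI script that either creates a user-assigned identity or enables the system-assigned one on an App Service, grants a single data-plane role on one storage account, and lists the result. Resource names, the region and the role are assumptions; the az commands and flags are the standard ones.

```shell
#!/bin/sh
# Added example, not from the page or Microsoft's docs: wire a managed identity
# to an App Service and grant it least-privilege access to one storage account.
# All names (resource group, app, identity, storage account) are assumptions.
set -eu

RG="rg-mi-demo"
LOCATION="westeurope"
APP="app-mi-demo"
UAMI="id-mi-demo"                 # user-assigned identity (1:n, standalone resource)
STORAGE="stmidemo001"
ROLE="Storage Blob Data Reader"   # data-plane read only, not Contributor

# The scope of a role assignment is an ARM resource ID. Scope to the one
# storage account the app needs, not the resource group or subscription.
storage_scope() {
  sub="$1"; rg="$2"; account="$3"
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$sub" "$rg" "$account"
}

# Assign a role to a managed identity by object ID. Passing the principal type
# avoids the Graph lookup that often fails right after the identity is created.
grant_role() {
  principal_id="$1"; scope="$2"
  az role assignment create \
    --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal \
    --role "$ROLE" --scope "$scope" -o none
}

# User-assigned: create the identity, grant it a role, then attach it to the app.
# It outlives the app and can be attached to several services.
setup_user_assigned() {
  sub=$(az account show --query id -o tsv)
  az identity create -g "$RG" -n "$UAMI" -l "$LOCATION" -o none
  principal_id=$(az identity show -g "$RG" -n "$UAMI" --query principalId -o tsv)
  mi_id=$(az identity show -g "$RG" -n "$UAMI" --query id -o tsv)
  grant_role "$principal_id" "$(storage_scope "$sub" "$RG" "$STORAGE")"
  az webapp identity assign -g "$RG" -n "$APP" --identities "$mi_id" -o none
  # The app requests tokens for this identity by its client ID.
  az identity show -g "$RG" -n "$UAMI" --query clientId -o tsv
}

# System-assigned: the service creates the identity itself; it is deleted with
# the app, so the role assignment can only be made once the app exists.
setup_system_assigned() {
  sub=$(az account show --query id -o tsv)
  principal_id=$(az webapp identity assign -g "$RG" -n "$APP" --query principalId -o tsv)
  grant_role "$principal_id" "$(storage_scope "$sub" "$RG" "$STORAGE")"
}

# Check what an identity can actually do; expect one narrowly scoped assignment.
audit_assignments() {
  az role assignment list --assignee "$1" --all \
    --query "[].{role:roleDefinitionName, scope:scope}" -o table
}

case "${1:-}" in
  user)   setup_user_assigned ;;
  system) setup_system_assigned ;;
  audit)  audit_assignments "$2" ;;
esac
```

Run it as `sh setup.sh user` or `sh setup.sh system` after `az login`, then `sh setup.sh audit <principalId>` to confirm the identity holds exactly the one assignment you intended and nothing inherited from a broader scope.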
difference from a service principal¶
https://stackoverflow.com/questions/61322079/difference-between-service-principal-and-managed-identities-in-azure
For managed identities, admins do not have to manage credentials, including passwords, so no one ever knows the credentials.
Managed identities handle the creation of the service principal and the automatic renewal of its credential on your behalf.
Managed identities are service principals of a special type, which are locked to only be used with Azure resources.
When the managed identity is deleted, the corresponding service principal is automatically removed.
When a User-Assigned or System-Assigned Identity is created, the Managed Identity Resource Provider (MSRP) issues a certificate internally to that identity.
benefit¶
https://learningbydoing.cloud/blog/stop-using-client-secrets-start-using-managed-identities/
Managed identity for container¶
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity