AmarnathManchala-5911 asked:

System managed Identity to Azure VM

Hi

I have an Azure VM and we deployed a REST-based service on IIS in the VM.

This REST service needs to access the KeyVault in Azure. We enabled a system-assigned identity on the Azure VM.

If we give this system-assigned identity permission to read keys from KeyVault, is that sufficient, or do we also need to provide access for the web application running on IIS in the VM?

My understanding is that if we give permission to the system-assigned identity at the VM level, all the services running in the VM will have the same system-assigned identity.




azure-virtual-machines

1 Answer

shivapatpi-MSFT answered:

Hello @AmarnathManchala-5911,
Thanks for your query! If the VM is enabled with System Assigned Managed Identity, all the services running should be able to authenticate by using the same identity token provided by Azure Instance Metadata. But if there is any piece of code/application which is trying to retrieve secrets from Key Vault, you will have to grant your code/application access to the specific secret or key in Key Vault by using the Access policies section of the Key Vault from the Azure Portal.
In the Key Vault -> Access Policies -> Add Policy -> Key Management

How Managed Identity works:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-managed-identities-work-vm
More significantly, check out:
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-managed-identities-work-vm#system-assigned-managed-identity

If the above information helps out, please make sure to "Upvote and Accept the Answer".
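
The flow discussed in this thread, as an added example that is not part of either post: a process on the VM requests a token from the Instance Metadata Service without sending any credential of its own, then presents it to Key Vault, which decides access based on the VM's identity. The vault and secret names are hypothetical placeholders, and the `opener` parameter is an assumption added so the logic can be exercised off the VM.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Documented IMDS managed-identity token endpoint; reachable only from inside the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
VAULT_RESOURCE = "https://vault.azure.net"


def build_imds_request(resource=VAULT_RESOURCE):
    """Token request for the VM's identity. No secret is sent, only the Metadata header."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": resource})
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})


def build_secret_request(vault_name, secret_name, token):
    """Key Vault REST call that presents the IMDS token as a bearer token."""
    name = urllib.parse.quote(secret_name, safe="")
    url = f"https://{vault_name}.vault.azure.net/secrets/{name}?api-version=7.4"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def fetch_json(request, opener=urllib.request.urlopen):
    """Send the request and decode the JSON body."""
    with opener(request, timeout=5) as resp:
        return json.load(resp)


def read_secret(vault_name, secret_name, opener=urllib.request.urlopen):
    """Get a token as the VM identity, then read one secret with it."""
    token = fetch_json(build_imds_request(), opener)["access_token"]
    try:
        return fetch_json(build_secret_request(vault_name, secret_name, token), opener)["value"]
    except urllib.error.HTTPError as err:
        if err.code == 403:
            # The token was valid, but the vault does not authorize this identity.
            raise PermissionError("VM identity is not authorized on this vault") from err
        raise


if __name__ == "__main__":
    # Hypothetical vault and secret names; run on the VM itself.
    print(read_secret("example-vault", "example-secret"))
```
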
