Getting started on managing Azure resources from a managed service identity (MSI) enabled virtual machine that belongs to an Azure Active Directory (AAD) security group using C#
Azure Compute sample for managing virtual machines -
- Create a AAD security group
- Assign AAD security group Contributor role at a resource group
- Create a virtual machine with MSI enabled
- Add virtual machine MSI service principal to the AAD group
- Set custom script in the virtual machine that - install az cli in the virtual machine - uses az cli MSI credentials to create a storage account
- Get storage account created through MSI credentials.
Running this Sample
To run this sample:
Set the environment variable
AZURE_AUTH_LOCATION with the full path for an auth file. See how to create an auth file.
git clone https://github.com/Azure-Samples/compute-dotnet-manage-resources-from-vm-with-msi-in-aad-group.git cd compute-dotnet-manage-resources-from-vm-with-msi-in-aad-group dotnet build bin\Debug\net452\ManageResourceFromMSIEnabledVirtualMachineBelongsToAADGroup.exe