Azure Functions – PowerShell – Managed Service Identity (MSI) – Azure Resource Manager API

Managed Service Identity (MSI) was announced yesterday. It is a way of securely accessing Azure resources without having to deal with storing your keys securely, tracking who has access to them, checking whether they have ended up in source control, or handling key rotation. More info can be found at the following link: https://docs.microsoft.com/en-us/azure/active-directory/msi-overview

Step One

Enable Managed Service Identity within Azure Functions.

[Screenshot: msi_functions_enable]

Step Two

You will need to give the Managed Service Identity access to the Azure resources you want to access. This is straightforward to do through the Access Control (IAM) blade of the Azure portal.

Choose the role you want the Managed Service Identity to have on the resource. Use the search box to search for the name of the Azure Function App you have enabled Managed Service Identity on.

[Screenshot: msi_functions_iam]

Step Three

Create a function within Azure Functions with the PowerShell code below, which gets an access token we can use to query the AzureRM API. It will also list the subscriptions the Managed Service Identity has access to (remember to assign access to the subscriptions using Access Control (IAM)).
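An added example (not the author's original script) of a function body that does what this step describes: it requests an Azure Resource Manager token from the managed identity endpoint inside the Function App, then lists the subscriptions that token can see. It assumes the platform-injected `IDENTITY_ENDPOINT`/`IDENTITY_HEADER` variables (or the older `MSI_ENDPOINT`/`MSI_SECRET` pair); the function names are hypothetical and the trigger binding is omitted.

```powershell
# Added example; function names are hypothetical, not from the original post.
$ErrorActionPreference = 'Stop'

function Get-MsiAccessToken {
    # Request a token scoped to one audience only (ARM by default).
    param([string]$Resource = 'https://management.azure.com/')
    $encoded = [uri]::EscapeDataString($Resource)

    if ($env:IDENTITY_ENDPOINT -and $env:IDENTITY_HEADER) {
        # Current App Service / Functions managed identity endpoint.
        $uri     = "$($env:IDENTITY_ENDPOINT)?resource=$encoded&api-version=2019-08-01"
        $headers = @{ 'X-IDENTITY-HEADER' = $env:IDENTITY_HEADER }
    }
    elseif ($env:MSI_ENDPOINT -and $env:MSI_SECRET) {
        # Older endpoint variables, kept as a fallback.
        $uri     = "$($env:MSI_ENDPOINT)?resource=$encoded&api-version=2017-09-01"
        $headers = @{ 'Secret' = $env:MSI_SECRET }
    }
    else {
        throw 'No managed identity endpoint found. Is the identity enabled on this Function App?'
    }

    $response = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    return $response.access_token
}

function Get-MsiSubscription {
    # List the subscriptions visible to the identity behind the token.
    param([Parameter(Mandatory)][string]$AccessToken)
    $headers = @{ Authorization = "Bearer $AccessToken" }
    $uri     = 'https://management.azure.com/subscriptions?api-version=2016-06-01'
    $result  = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
    $result.value | Select-Object subscriptionId, displayName, state
}

$token = Get-MsiAccessToken          # never write the token itself to the log
$subs  = @(Get-MsiSubscription -AccessToken $token)

if ($subs.Count -eq 0) {
    # A token with no visible subscriptions usually means a missing role assignment.
    Write-Output 'Token acquired, but no subscriptions are visible. Check Access Control (IAM).'
}
else {
    $subs | ForEach-Object { Write-Output "$($_.displayName) ($($_.subscriptionId)) - $($_.state)" }
}
```

The endpoint variables exist only inside the Function App, so the script throws when run on a workstation.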

When you run the function you should get the following output in the console if everything is set up correctly.

[Screenshot: msi_functions_success]

About the author

Ben Taylor

Cloud and PowerShell enthusiast with a penchant for automation and CI.
