Managed Identity and RBAC Setup
Intermediate · 10 min
Configure managed identities for Azure resources and assign role-based access control to eliminate credential management.
Prerequisites
- Azure CLI installed
- Owner or User Access Administrator role on the subscription
Steps
1. Enable system-assigned managed identity
Creates a system-assigned managed identity tied to the lifecycle of the web app.
$ az webapp identity assign --name myapp-unique --resource-group myapp-rg
The output includes the principalId, which you need for the role assignments below.
2. Create a user-assigned managed identity
User-assigned identities have their own lifecycle and can be shared across multiple resources.
$ az identity create --name myapp-identity --resource-group myapp-rg --location eastus
3. Assign a role to the identity
Grants the managed identity permission to read and write blobs in any storage account within the resource group, because the scope is the resource group itself.
$ az role assignment create --assignee <principalId> --role "Storage Blob Data Contributor" --scope /subscriptions/<sub-id>/resourceGroups/myapp-rg
4. List role assignments
Shows all roles assigned to the identity across scopes.
$ az role assignment list --assignee <principalId> --output table
5. Verify identity access
Tests that the managed identity can access the target resource.
$ az login --identity && az storage blob list --account-name mystorageacct --container-name uploads --auth-mode login
This only works when run from the Azure resource that has the identity assigned, because the managed identity token is issued to that resource alone.
Full Script
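The following script is an added example that strings steps 1 to 4 together; it is not the page's own script. It assumes the same resource names as the steps (myapp-unique, myapp-rg, myapp-identity, mystorageacct, uploads), which can be overridden through environment variables, and it goes one step beyond step 3 by scoping the role to the storage account instead of the whole resource group. With DRY_RUN=1 it prints the az commands instead of running them, so the flow can be rehearsed without a subscription.

```shell
#!/usr/bin/env bash
# Added end-to-end script for the steps above; not the page's own script.
# Resource names match the steps and are assumptions; override via environment.
# Set DRY_RUN=1 to print the az commands instead of executing them.
set -eu

WEBAPP="${WEBAPP:-myapp-unique}"
RG="${RG:-myapp-rg}"
LOCATION="${LOCATION:-eastus}"
UAI="${UAI:-myapp-identity}"
STORAGE="${STORAGE:-mystorageacct}"
CONTAINER="${CONTAINER:-uploads}"
ROLE="Storage Blob Data Contributor"

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '+ %s\n' "$*" >&2; else "$@"; fi
}

# Like run, but a dry run yields a constructed placeholder GUID so that the
# values captured below are never empty.
capture() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '+ %s\n' "$*" >&2
    printf '%s' '00000000-0000-0000-0000-000000000000'
  else
    "$@"
  fi
}

# ARM resource ID of the storage account. Assigning the role here rather than
# on the resource group (as step 3 does) is the least-privilege scope: the
# identity gets blob access to this one account and nothing else.
storage_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' "$1" "$2" "$3"
}

# Subscription ID from the environment, or from the logged-in CLI context.
subscription_id() {
  if [ -n "${SUBSCRIPTION_ID:-}" ]; then
    printf '%s' "$SUBSCRIPTION_ID"
  else
    capture az account show --query id -o tsv
  fi
}

# Steps 1 to 4. Prints one summary line: both principalIds and the scope used.
main() {
  sub=$(subscription_id)
  scope=$(storage_scope "$sub" "$RG" "$STORAGE")

  # Step 1: --query pulls the principalId straight out of the response.
  sys_pid=$(capture az webapp identity assign --name "$WEBAPP" \
    --resource-group "$RG" --query principalId -o tsv)

  # Step 2: a user-assigned identity has its own principalId (and clientId).
  uai_pid=$(capture az identity create --name "$UAI" --resource-group "$RG" \
    --location "$LOCATION" --query principalId -o tsv)

  # Step 3: assign by object ID and state the principal type, which avoids the
  # directory lookup that can fail right after an identity is created.
  for pid in "$sys_pid" "$uai_pid"; do
    run az role assignment create --assignee-object-id "$pid" \
      --assignee-principal-type ServicePrincipal --role "$ROLE" --scope "$scope"
  done

  # Step 4: review what each identity can now do; --all includes every scope.
  for pid in "$sys_pid" "$uai_pid"; do
    run az role assignment list --assignee "$pid" --all --output table
  done

  printf 'system=%s user=%s scope=%s\n' "$sys_pid" "$uai_pid" "$scope"
}

# Step 5 must run on the web app itself (for example from its SSH console),
# where the system-assigned identity is available to `az login --identity`.
verify_from_resource() {
  az login --identity >/dev/null
  az storage blob list --account-name "$STORAGE" --container-name "$CONTAINER" --auth-mode login
}

# Run the setup when rehearsing (DRY_RUN=1) or when the Azure CLI is present.
if [ "${DRY_RUN:-0}" = 1 ] || command -v az >/dev/null 2>&1; then
  main
fi
```

Run `DRY_RUN=1 SUBSCRIPTION_ID=<sub-id> bash setup.sh` first to see every command the script would issue, then run it for real from a shell that is already logged in with Owner or User Access Administrator rights. The role assignment uses `--assignee-object-id` with `--assignee-principal-type ServicePrincipal`, the form Azure recommends for managed identities; the role is granted to both identities so that whichever one the app ends up using is covered, and `verify_from_resource` is left for you to call on the web app as in step 5.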