I’m working on a new project that will use managed identities to access an SQL database from a function app. I chose to use a user-assigned identity to simplify our deployment scenario. We use deployment slots for zero-downtime deployments, and I want to assign a single identity to control database access across those slots.
I will post the complete ARM template later. For now, here is one that creates a user-assigned identity and includes its client ID in the output.
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "identityName": {
      "type": "string",
      "defaultValue": "[concat('uai-', uniqueString(resourceGroup().id))]",
      "metadata": {
        "description": "The name of the identity resource"
      }
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "[parameters('identityName')]",
      "apiVersion": "2018-11-30",
      "location": "[resourceGroup().location]"
    }
  ],
  "outputs": {
    "identityClientId": {
      "type": "string",
      "value": "[reference(resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('identityName')), '2018-11-30').clientId]"
    }
  }
}
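The client ID output matters because code running in the function app has to name the user-assigned identity when it asks the platform for a token. The sketch below is an added example, not part of the original template or project: it builds the App Service managed identity token request for Azure SQL from the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` variables the platform injects. The function names are hypothetical, and how the client ID reaches the app (for example as an app setting) is an assumption.

```python
import json
import os
import urllib.parse
import urllib.request

SQL_RESOURCE = "https://database.windows.net/"  # token audience for Azure SQL


def build_token_request(client_id, env=os.environ, resource=SQL_RESOURCE):
    """Build the managed identity token request for one user-assigned identity.

    client_id is the template's identityClientId output (assumed to be passed
    to the app by the deployment, e.g. as an app setting).
    """
    endpoint = env.get("IDENTITY_ENDPOINT")
    header = env.get("IDENTITY_HEADER")
    if not endpoint or not header:
        raise RuntimeError("no managed identity endpoint in this environment")
    if not client_id:
        # Without client_id the platform falls back to the system-assigned
        # identity, which is not the one granted database access here.
        raise ValueError("client_id of the user-assigned identity is required")
    query = urllib.parse.urlencode({
        "api-version": "2019-08-01",
        "resource": resource,
        "client_id": client_id,
    })
    # The header proves the caller runs inside the app's sandbox.
    return urllib.request.Request(
        f"{endpoint}?{query}", headers={"X-IDENTITY-HEADER": header}
    )


def get_sql_access_token(client_id):
    """Fetch an access token for Azure SQL (only works inside the function app)."""
    with urllib.request.urlopen(build_token_request(client_id), timeout=10) as resp:
        return json.load(resp)["access_token"]
```

Because every slot is assigned the same identity, the same client ID and the same database grant apply before and after a slot swap.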