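I’m working on a new project that will use managed identities to access a SQL database from a function app. I chose to use a user-assigned identity to simplify our deployment scenario. We use deployment slots for zero-downtime deployments, and I want to assign a single identity to control database access across those slots. The trade-off is that code running in any slot, staging included, gets the same database permissions as production, so the identity should be granted only the database roles the app actually needs.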
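I will post the complete ARM template later. For now, here is one that creates a user-assigned identity and includes its client ID in the output. The client ID is an identifier rather than a credential, so it is reasonable to expose it as a deployment output; outputs are kept in the deployment history, so actual secrets should not be returned this way.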
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "identityName": {
      "type": "string",
      "defaultValue": "[concat('uai-', uniqueString(resourceGroup().id))]",
      "metadata": {
        "description": "The name of the identity resource"
      }
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "[parameters('identityName')]",
      "apiVersion": "2018-11-30",
      "location": "[resourceGroup().location]"
    }
  ],
  "outputs": {
    "identityClientId": {
      "type": "string",
      "value": "[reference(resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/',parameters('identityName')), '2018-11-30').clientId]"
    }
  }
}