This document discusses managed identities in Azure, which provide Azure services with automatically managed identities in Azure Active Directory. It describes system-assigned and user-assigned managed identities, how they work under the hood using the Azure instance metadata service, and examples of Azure services that support managed identities and Azure Active Directory authentication. The document concludes with a demonstration of using system-assigned and user-assigned managed identities with Azure App Service and Azure Key Vault.
Good Bye Credentials in Code, Welcome Azure Managed Identities
1. GOODBYE CREDENTIALS IN CODE, WELCOME AZURE MANAGED IDENTITIES
Kasun Kodagoda
Technical Lead | 99X Technology
2. I am, Kasun Kodagoda
• In ♥ with Azure & Azure DevOps
• Active Blogger – https://kasunkodagoda.com
• Open Source Contributor - https://github.com/kasunkv
• Technical Lead
I Work For,
• Established in 2004
• Headquartered in Sri Lanka with offices in Europe and Australia
• Providing high quality, high value Software Product Engineering + R&D services
• 14+ Years of Expertise
• 250+ Employees Innovating Daily
• 150+ Products to Global Markets
• 20+ Awards, International Impact
4. What is Managed Identity?
Managed Identities for Azure Resources is a feature in Azure AD
that provides Azure services with an automatically managed
identity in Azure AD
5. Types of Managed Identities
• System-Assigned
  • Enabled directly on the supported Azure Resource Instance
  • Lifecycle of the System-Assigned MI is directly tied to the Azure Resource Instance
  • Credentials are provisioned on the Azure Service Instance
• User-Assigned
  • Created as a standalone Azure Resource
  • Lifecycle is not directly tied to any Azure Resource
  • Can be assigned to one or more Azure Resource instances
8. Services That Support Managed Identities
• Enable Managed Identities on the resources
• To access Azure AD Authentication supported services
Azure VM, Azure VM Scale Sets, Azure App Service, Azure Blueprints, Azure Functions, Azure Logic Apps, Azure API Management, Azure Data Factory v2, Azure Container Instances
9. Services That Support Azure AD Authentication
• Use Managed Identities to access these resources
Azure Resource Manager, Azure Key Vault, Azure Data Lake, Azure SQL, Azure Storage Blobs/Queues, Azure Analysis Service, Azure Event Hub, Azure Service Bus
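As an added illustration (not code from the deck), the Python sketch below shows the token request a workload makes to its local managed identity endpoint, for either identity type, and how the resulting bearer token is used to read a Key Vault secret with no credential in code or configuration. The function names and the `vault_name`, `secret_name` and `client_id` parameters are assumptions made for this example; production code would normally use the Azure SDK instead of raw HTTP.

```python
import json
import os
import urllib.parse
import urllib.request

# Link-local token endpoint of the instance metadata service (VMs, VM Scale Sets).
IMDS_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
KEY_VAULT_RESOURCE = "https://vault.azure.net"


def build_token_request(resource, client_id=None, env=None):
    """Return (url, headers) for a managed identity token request.

    client_id=None asks for the system-assigned identity; passing the client ID
    of a user-assigned identity selects that identity instead.
    """
    env = os.environ if env is None else env
    params = {"resource": resource}
    if client_id:
        params["client_id"] = client_id
    if env.get("IDENTITY_ENDPOINT") and env.get("IDENTITY_HEADER"):
        # App Service / Functions: local endpoint plus a per-instance header value.
        base = env["IDENTITY_ENDPOINT"]
        params["api-version"] = "2019-08-01"
        headers = {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}
    else:
        # VM / VM Scale Set: instance metadata service, which requires this header.
        base = IMDS_URL
        params["api-version"] = "2018-02-01"
        headers = {"Metadata": "true"}
    return base + "?" + urllib.parse.urlencode(params), headers


def get_access_token(resource, client_id=None):
    """Fetch a bearer token; only works on an Azure resource with an identity enabled."""
    url, headers = build_token_request(resource, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["access_token"]


def read_secret(vault_name, secret_name, client_id=None):
    """Read one Key Vault secret; the identity must be granted read access to it."""
    token = get_access_token(KEY_VAULT_RESOURCE, client_id)
    url = f"https://{vault_name}.vault.azure.net/secrets/{secret_name}?api-version=7.4"
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)["value"]
```

The token alone grants nothing: the identity can read the secret only after it has been given access on the vault.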
14. Your Feedback is Important
https://forms.gle/osSU42zm4CuhAF8m9
15. References
• Managed Identities for Azure Resources - http://bit.ly/2Zf75zW
• Services That Support Managed Identities - http://bit.ly/2QVxWOt
• Services That Support Azure AD Authentication - http://bit.ly/31hvyGm
• Articles about Managed Identities on KasunKodagoda.com - https://kasunkodagoda.com/tag/managed-identity/
Editor's Notes
How do you manage credentials in your application code for authenticating to other cloud services?
Credentials
• Should never be stored on developers' machines
• Should never be checked in to version control
When using credentials to access other resources, you have to
• Think about how these credentials are stored
• Make sure never to commit them to version control
• Think about credentials/key rotation to secure the keys etc.
Managed identity works in combination with Azure AD Authentication and RBAC Authorization