3

I have enabled the Managed Service Endpoint for the App Service and I am able to see the MSI_ENDPOINT and the MSI_SECRET injected into the environment. I am also able to get the Azure AD access token when invoking the MSI_ENDPOINT.

But as per the Azure documentation, we have to use the IMDS endpoint going forward.

When accessing the URL http://169.254.169.254/metadata/identity/oauth2/token properly with api-version and the metadata via PowerShell, I am getting an "unable to connect to the remote server" error, though I am able to get an access token from the same PowerShell instance when hitting the MSI_ENDPOINT, which is http://localhost:XXXX/MSI/token, where XXXX is the port number.

Chait
SatishKuncha

1 Answer

4

IMDS (Instance Metadata Service) is only available for Azure Virtual Machine and Virtual Machine Scale Set resources. You won't be able to call IMDS from within an App Service. The documentation to migrate from localhost:xxxx to IMDS is only relevant for Virtual Machine and Virtual Machine Scale Set resources.

Here are the docs specific to App Services. Note that MSI_ENDPOINT is used here.
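The split described in this answer, as an added PowerShell example that is not part of the original post: it uses the injected MSI_ENDPOINT and MSI_SECRET when they are present (App Service) and only falls back to IMDS otherwise (Virtual Machine or Scale Set). The function name, the target resource URI, and the api-version values (2017-09-01 for the App Service endpoint, 2018-02-01 for IMDS) are assumptions, not taken from the page.

```powershell
# Added example: pick the managed-identity token endpoint by host type.
# Get-ManagedIdentityToken is a hypothetical helper name.
function Get-ManagedIdentityToken {
    param(
        # Assumed target resource; replace with the API you are calling.
        [string]$Resource = 'https://management.azure.com/'
    )

    $encoded = [uri]::EscapeDataString($Resource)

    if ($env:MSI_ENDPOINT -and $env:MSI_SECRET) {
        # App Service: local endpoint injected by the platform.
        # The request is authenticated with the MSI_SECRET value in a "secret" header.
        $uri     = "$($env:MSI_ENDPOINT)?resource=$encoded&api-version=2017-09-01"
        $headers = @{ secret = $env:MSI_SECRET }
    }
    else {
        # VM / VM Scale Set: IMDS on the link-local address.
        # IMDS requires the "Metadata: true" header and is not reachable from App Service.
        $uri     = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=$encoded"
        $headers = @{ Metadata = 'true' }
    }

    $response = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get -TimeoutSec 10
    if (-not $response.access_token) {
        throw "No access_token in response from $uri"
    }
    return $response
}

$token = Get-ManagedIdentityToken

# Report metadata only; never write the token or MSI_SECRET to logs or console output.
'{0} token for {1}, expires_on={2}' -f $token.token_type, $token.resource, $token.expires_on
```

Treat MSI_SECRET and the returned access_token as credentials: keep them out of logs, Kudu console transcripts, and error messages.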