Below is the scenario: We have a User Assigned Managed Identity in Resource Group 'A' and we are creating a new Resource Group 'B' and want to add MSI from Resource Group A to be B.
How can we achieve this via Azure CLI?
Asked
Active
Viewed 1,712 times
2 Answers
0
You could use az identity list -g '<resource group name>' to get the id, then use the command below, the id means the User Assigned Managed Identity resource id, it works fine on my side.
az resource move --destination-group '<destination resource group>' --ids '<User Assigned Managed Identity resource id >'
Update:
az role assignment create --resource-group '<resourcegroupname>' --role 'Contributor' --assignee '<service principal objectId>'
Check in the portal:
Besides, you could find the ObjectId in Azure Active Directory -> Enterprise applications(All applications), just search for your User Assigned Managed Identity name.
Joy Wang
- 39,905
- 3
- 30
- 54
-
This will move out this resource from my Resource Group 'A'. We need to add/assign Contributor role to an MSI in IAM Section to Resource Group 'B' – Aakash Mohan Aug 14 '18 at 08:59
-
@AakashMohan If you create `User Assigned Managed Identity`, there will be a service principal automatically. When you add it to IAM in a resource group, it essentially add the service principal to it, you could refer to my update. – Joy Wang Aug 14 '18 at 10:25
-
I will test this and get back to you. – Aakash Mohan Aug 21 '18 at 06:37
-
It worked just fine. thanks for your help. I had to use objectid to make it run – Aakash Mohan Aug 24 '18 at 00:50
0
This tutorial step shows how to grant permissions to a user assigned managed identity, via CLI: https://learn.microsoft.com/en-us/azure/active-directory/managed-service-identity/msi-tutorial-linux-vm-access-arm#grant-your-user-assigned-identity-access-to-a-resource-group-in-azure-resource-manager
Arturo Lucatero - MSFT
- 291
- 1
- 9