RBAC role for VM to manage resources with az

Question

New to Azure. I was trying to use az cli in 18.04.1-Ubuntu to manage a resource group [The VM is part of the resource group]. I enabled the system managed assigned identity for the VM and also gave RBAC access of owner to the VM from the resource group IAM.

But when I try to use the az resource list -g 'resource_group_name' I get Please run 'az login' to setup account.

Answer 1

After some research I figured out that the identity has to be used for first time login to get the token for the cli. As per the docs https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-sign-in

So basically the step is

1. Create an identity for the VM
2. Give a role to the identity from the resource that you intend the VM to manage.
3. Use the identity as an authenticator for the initial login using az login --identity to get the token which is valid till 90 days of inactivity.Since the identity is already related to the VM, the token is generated without passwords or usernames.
4. Then the VM can use the role to manage the resource.

Sharing it as this maybe useful to others