
I have an event hub EH1 in "Sub1" and Streaming Job ASA1 in "Sub2". EH1 is the streaming input to ASA1. For added security, I am planning to use Managed Identity to access the event hub from a Streaming Analytics job. https://learn.microsoft.com/en-us/azure/stream-analytics/event-hubs-managed-identity

For doing this, an "Event Hub Data Receiver" role has to be assigned to the job in the event hub. Now, since the streaming job is in another subscription, I am not able to look up the job while adding the role.

How can this solution proceed? How can the streaming job in Sub2 be visible in Sub1?

Appreciate your responses.

1 Answer

The resources being in different subscriptions should not matter. I've tested this recently and I can definitely see the Managed Identity from another subscription.

What actually matters is the Azure AD tenant linked to the subscriptions. Managed Identities only work within one tenant, so both subscriptions must be linked to the same Azure AD tenant.

If they are using the same tenant, it could also be that your user does not have rights to list service principals from the Azure AD tenant.

juunas
  • Thank you for your response. I understand the linking part. However, I am a bit confused where the MS documentation says AD can be linked to multiple subs whereas a sub can be associated with only one AD – Abhijit Jun 03 '21 at 12:24
  • I'm not sure if the documentation explicitly mentions it somewhere, but I work in multiple tenants with multiple subscriptions in each, so that is definitely how it works. You can have multiple subscriptions that all link to one tenant. – juunas Jun 03 '21 at 12:49
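
The two checks from the answer above can be scripted with the Azure CLI. This is an added example, not part of the original thread: it assumes a logged-in `az` session with access to both subscriptions, the function names are hypothetical, and the principal (object) ID is assumed to be copied from the job's Managed Identity page.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Function names are hypothetical.

# Print the Azure AD tenant ID that a subscription is linked to.
tenant_of() {
  az account show --subscription "$1" --query tenantId -o tsv
}

# Succeed only when both subscriptions are linked to the same tenant.
# Returns 2 if either lookup fails (for example, no access to a subscription).
same_tenant() {
  st_a=$(tenant_of "$1") || return 2
  st_b=$(tenant_of "$2") || return 2
  [ -n "$st_a" ] && [ "$st_a" = "$st_b" ]
}

# Grant the job's managed identity receive rights on the event hub.
#   $1 = subscription holding the event hub   $2 = subscription holding the job
#   $3 = principal (object) ID of the job's managed identity
#   $4 = resource ID of the event hub (the role assignment scope)
assign_receiver() {
  if ! same_tenant "$1" "$2"; then
    echo "subscriptions are not in the same tenant (or lookup failed)" >&2
    return 1
  fi
  # Passing the object ID with an explicit principal type skips the directory
  # lookup, so it also works when the caller cannot list service principals.
  # The built-in role is named "Azure Event Hubs Data Receiver".
  az role assignment create \
    --assignee-object-id "$3" \
    --assignee-principal-type ServicePrincipal \
    --role "Azure Event Hubs Data Receiver" \
    --scope "$4"
}

# Usage (placeholder values):
#   assign_receiver Sub1 Sub2 <principal-object-id> <event-hub-resource-id>
```

Scoping the assignment to the single event hub rather than the namespace or subscription keeps the identity's access limited to the input the job actually reads.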