I have an Azure Function which needs to invoke an Azure REST API for Azure Container Instances; basically I just need to restart the container group. I have managed identity enabled for the function and tried using AzureServiceTokenProvider to get an access token to the management API for Azure Containers.

The resource used with token provider is https://management.azure.com. But when I tried accessing the REST API using the token, I am getting Forbidden Error.

I have given the Contributor role to my system-assigned managed identity for the function. What could be the issue? The code inside the function is as below:

    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Text;
    using Microsoft.Azure.Services.AppAuthentication;

    var azureServiceTokenProvider = new AzureServiceTokenProvider();
    string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/");

    // Placeholders below are the subscription, resource group and container group of the ACI resource
    var acrUrl = $"https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerInstance/containerGroups/{containerGroupName}/restart?api-version=2021-09-01";
    HttpClient client = new();
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
    // The restart action takes an empty JSON body; send it with an explicit JSON content type
    var result = await client.PostAsync(acrUrl, new StringContent("{}", Encoding.UTF8, "application/json"));
jereesh thomas
  • Can you add your Azure Function code, or at least the way you are using DefaultAzureCredential from the Azure Identity package? – Quentin Geff Jan 05 '22 at 15:32
  • I have added the code inside the function – jereesh thomas Jan 05 '22 at 16:17
  • Is the access token correct? You can check with tools like this: https://jwt.ms/ Also, did you give the Contributor role on your containerGroup to the managed identity? Are you able to see the attempt in the AD activity logs? https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-view-managed-identity-activity#view-authentication-attempts-by-managed-identities – Quentin Geff Jan 05 '22 at 16:30

1 Answer

I've faced a similar problem. What I did to solve it was go to the Resource Group -> Access Control (IAM) and add the principal to the Contributor role. It worked in my case and I do believe it will work for yours too.

Thiago Custodio
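As an added example (not code from the question or the answer above), here is the same restart call written with the Azure.Identity DefaultAzureCredential the comments mention, plus the two checks a practitioner wants when the call comes back Forbidden: it logs the token's audience and object id so you can confirm the role was assigned to that identity, and on a 403 it logs ARM's error body, which states the action and scope the caller lacks, so the Contributor assignment from the answer can be made at the right scope. The subscription, resource group and container group values are placeholders, and the Azure.Identity and Azure.Core packages are assumed to be referenced.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
public static class ContainerGroupRestarter
{
    // Placeholders: replace with the function's own subscription, resource group and container group.
    const string SubscriptionId = "<subscription-id>";
    const string ResourceGroup = "<resource-group>";
    const string ContainerGroup = "<container-group>";
    public static async Task<bool> RestartAsync(HttpClient client)
    {
        // When deployed, DefaultAzureCredential picks up the Function's system-assigned managed identity.
        var credential = new DefaultAzureCredential();
        AccessToken token = await credential.GetTokenAsync(
            new TokenRequestContext(new[] { "https://management.azure.com/.default" }), default);

        // Decode (without validating) the JWT payload so the log shows the audience and the object id
        // the token was issued for; the role assignment must target that same identity.
        string payload = Encoding.UTF8.GetString(Base64UrlDecode(token.Token.Split('.')[1]));
        using var claims = JsonDocument.Parse(payload);
        Console.WriteLine($"aud={claims.RootElement.GetProperty("aud")} oid={claims.RootElement.GetProperty("oid")}");

        var url = $"https://management.azure.com/subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroup}" +
                  $"/providers/Microsoft.ContainerInstance/containerGroups/{ContainerGroup}/restart?api-version=2021-09-01";
        using var request = new HttpRequestMessage(HttpMethod.Post, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.Token);
        request.Content = new StringContent("{}", Encoding.UTF8, "application/json");
        using HttpResponseMessage response = await client.SendAsync(request);
        if (response.IsSuccessStatusCode) return true;

        // On 403 ARM's JSON error body names the action and scope the caller lacks; log it rather than
        // only the status code so the assignment from the answer can be made at the right scope.
        string body = await response.Content.ReadAsStringAsync();
        Console.WriteLine($"ARM returned {(int)response.StatusCode}: {body}");
        return false;
    }

    // JWT segments are base64url without padding; restore padding before decoding.
    static byte[] Base64UrlDecode(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }
}
```

If the logged oid differs from the principal the role was granted to, or the 403 body names a scope above the container group, that is the assignment to fix before changing any code.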