1

I'd like to assign a user-assigned managed identity a role at resource group scope for Azure Container Instances related operations, such as listing containers in an RG or starting or stopping a container group. Is there any built-in role available for this purpose? I searched the role list and did not find any.

lidong

1 Answer

0

Usually, to use a managed identity, that particular identity should have access granted to one or more of the following Azure service resources, such as an Azure web app, Azure Key Vault (with access policies or roles), or an Azure storage account in the subscription.

Select Access control (IAM), and then Add role assignment.

  • Select roles, then select the appropriate role that you want the user identity to have.

  • Here I am giving storage access.
  • To give storage access, select the Storage Blob Data Reader role or the Contributor role.

  • Then select the managed identity and select the required user managed identity.

But please note the following from Limitations: Enable managed identity in container group - Azure Container Instances | Microsoft Docs

  1. Currently you can't use a managed identity in a container group deployed to a virtual network.

  2. Container groups which are running in Azure Virtual Networks do not support managed identity authentication image pulls with ACR.

If a system-assigned identity is enabled, then the group must have the 'Contributor' role in order to have access to a storage account.

Reference: use-a-managed-identity | Microsoft Docs

kavyaS
  • Thanks, but it doesn't seem to answer my question. – lidong Sep 14 '22 at 17:54
  • The operations are not directly available AFAIK. You may have to create a custom role to run/stop container instances: see [this](https://i.imgur.com/rPTHDQk.png) – kavyaS Sep 27 '22 at 04:08
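
The custom-role route suggested in the last comment, as an added example that is not part of the original thread: a least-privilege role limited to listing, starting and stopping container groups, assigned to the user-assigned identity at resource group scope. The role name, file name and all argument values are hypothetical; the three action strings are the Microsoft.ContainerInstance operations as assumed here.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): custom role for ACI list/start/stop.
# ROLE_NAME is a hypothetical name; choose your own.
ROLE_NAME="ACI Container Group Operator (custom)"

# Print the role definition JSON for one resource group.
# Grants read + start + stop only: no write/delete, no exec, no wildcard.
aci_role_json() {
  local sub="$1" rg="$2"
  cat <<EOF
{
  "Name": "${ROLE_NAME}",
  "IsCustom": true,
  "Description": "List, start and stop container groups in one resource group.",
  "Actions": [
    "Microsoft.ContainerInstance/containerGroups/read",
    "Microsoft.ContainerInstance/containerGroups/start/action",
    "Microsoft.ContainerInstance/containerGroups/stop/action"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/${sub}/resourceGroups/${rg}"]
}
EOF
}

# Create the role, then assign it to the user-assigned identity at RG scope.
assign_aci_role() {
  local sub="$1" rg="$2" identity_name="$3" identity_rg="$4"
  local scope="/subscriptions/${sub}/resourceGroups/${rg}" principal_id
  aci_role_json "$sub" "$rg" > aci-role.json   # hypothetical file name
  az role definition create --role-definition @aci-role.json
  # The identity's principalId is the object ID that RBAC assigns to.
  principal_id="$(az identity show --name "$identity_name" \
      --resource-group "$identity_rg" --query principalId -o tsv)"
  az role assignment create --assignee-object-id "$principal_id" \
      --assignee-principal-type ServicePrincipal \
      --role "$ROLE_NAME" --scope "$scope"
}

# Runs only when called with: <subscription-id> <rg> <identity-name> <identity-rg>
if [ "$#" -eq 4 ]; then
  set -euo pipefail
  assign_aci_role "$@"
fi
```

Before creating the role, the action names can be checked against the provider's current operation list with `az provider operation show --namespace Microsoft.ContainerInstance`.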