0

According to SDK-v2's ManagedOnlineEndpoint documentation, auth_mode must be provided thru key or aml_token. This means, once the endpoint is deployed, we need to include the api key or token when we send POST requests to the API. I'm wondering if there's a way to bypass providing these authentication methods, e.g., thru Azure ManagedIdentity?

My motivation for bypassing the key/token authentication is that, I have an ML model (deployed via ManagedOnlineEndpoint) that needs to call multiple other secondary ManagedOnlineEndpoints and then use their outputs as input-features in the (main) model. It would be nice to not have to manage API-keys for those secondary model endpoints.

I have a solution that works, but I'm curious if there's an alternative or more elegant way of doing it. The current solution is, I'm storing APIkeys of the secondary models in Azure KeyVault and then retrieve them when needed, i.e., defined in the scoring script of the (main) model.

Jhons D
  • 1
  • 2

1 Answers1

0

Use managed identity for seamless access to your resources. Here is the Document to access Azure resources from an online endpoint with a managed identity.

The identity for an endpoint is immutable. During endpoint creation, you can associate it with a system-assigned identity (default) or a user-assigned identity. You can't change the identity after the endpoint has been created.

Ram
  • 2,459
  • 1
  • 7
  • 14
  • According to the doc you linked, a json request is sent to the endpoint using `online_endpoint.invoke()`-function, which I find to be convenient for testing but not very practical for real-time invocations. Is there a way to use python `requests` module and attach managedIdentity authentication (and hence bypass the need for an API key)? Note: the [sdk-v1 doc](https://learn.microsoft.com/en-us/azure/machine-learning/v1/how-to-consume-web-service?tabs=python) shows atypical way of sending requests using API-key in the header. – Jhons D Dec 20 '22 at 23:02