Reputation: 12068
Basically I'm trying to implement with Azure the following AWS pattern:
How is this possible with Azure?
Upvotes: 2
Views: 5011
Reputation: 897
You can do this in Preview with "Managed Service Identity" (MSI).
Linux doc here: https://learn.microsoft.com/en-us/azure/active-directory/msi-tutorial-linux-vm-access-storage
Windows doc here: https://learn.microsoft.com/en-us/azure/active-directory/msi-tutorial-windows-vm-access-storage
Upvotes: 2
Reputation: 13954
Allow this role to access a certain container (AWS bucket equivalent) as read only and download from there.
For now, Azure does not support AD-based authentication or ACLs.
As a workaround, we can use shared access signatures (SAS).
A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key.
For more information about Azure SAS, please refer to this link.
Upvotes: 0
Reputation: 952
The Azure equivalent to IAM in AWS is Role-Based Access Control.
You can use Role-Based Access Control to manage access to your Azure subscription resources.
Also, if you wish to create custom roles, you can refer to this: Creating custom roles for Azure Role-Based Access Control.
You can refer to this for custom user roles: Assign custom roles for internal and external users.
Upvotes: 1
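The pattern from the MSI and Role-Based Access Control answers, as an added example that is not code from any of the posts: a VM with a managed identity gets a storage-scoped token from the instance metadata endpoint and reads one blob with it, so no account key or SAS is stored on the machine. It assumes the identity has been assigned a read-only data role (for example Storage Blob Data Reader) on the container and that Blob storage accepts Azure AD tokens; the account, container and blob names are hypothetical.

```python
import json
import re
import urllib.parse
import urllib.request

# Instance Metadata Service token endpoint: link-local, reachable only from inside the VM.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"
NAME_RE = re.compile(r"[a-z0-9-]{3,63}")  # approximate account/container naming rule


def build_token_request(client_id=None):
    """Token request for storage; client_id selects a user-assigned identity."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    # IMDS rejects requests that lack this header, a guard against forwarded requests.
    return urllib.request.Request(
        IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params), headers={"Metadata": "true"})


def build_blob_request(account, container, blob, token):
    """GET for one blob, authorized by the bearer token rather than a key or SAS."""
    if not all(NAME_RE.fullmatch(v) for v in (account, container)):
        raise ValueError("account/container must not alter the host or path")
    url = f"https://{account}.blob.core.windows.net/{container}/{urllib.parse.quote(blob)}"
    # 2017-11-09 is the first Blob service version that accepts OAuth tokens.
    headers = {"Authorization": f"Bearer {token}", "x-ms-version": "2017-11-09"}
    return urllib.request.Request(url, headers=headers, method="GET")


def download_blob(account, container, blob, client_id=None):
    """Works only on an Azure VM whose identity holds a read role on the container."""
    with urllib.request.urlopen(build_token_request(client_id), timeout=5) as resp:
        token = json.load(resp)["access_token"]
    with urllib.request.urlopen(build_blob_request(account, container, blob, token)) as resp:
        return resp.read()


if __name__ == "__main__":
    # Constructed values: prints the two request URLs without sending anything.
    print(build_token_request().full_url)
    print(build_blob_request("examplestorageacct", "releases", "app/config.json", "TOKEN").full_url)
```

With only a read role assigned, a write or delete sent with the same token is refused by the storage service, which is the read-only behaviour the question asks for.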