Reputation: 2025
I just wrote my first app with Azure. Just a small function app calling the IoT service and suddenly it hit me - I didn't have to create any IAM role or anything. The app just worked. I tried to look up the IAM service on Azure, but found nothing. This would never fly with AWS or Google Cloud. Does Azure have any IAM-like management anywhere? If my app has a bug that allows remote server-side code execution, does it mean that the attacker will basically gain access over my entire Azure account?
Upvotes: 0
Views: 805
Reputation: 72191
Azure does have role-based access control and managed service identity (an identity you assign to Azure services; not all of the services have that yet). If you are using connection strings (the usual pattern), nothing would happen if your app gets compromised. The attacker would be able to talk to your IoT Hub (or whatever you were using).
If you are using managed service identity, then the attacker could, in theory, act on behalf of that identity. So if you grant all permissions to that identity, then yes, the attacker would be able to do anything.
If your application talks to the Azure REST API directly to create/modify resources and gets compromised, the attacker would, in theory, have the same rights as the application.
Having said that, I don't think Azure is in any way less secure than AWS or GCP. Unless you grant the app all the permissions in the world, it has no permissions to actually manage Azure.
Upvotes: 1
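As an added example (not code from the question or the answer above), the following Python shows the two sides of the answer: how code running inside the function app, including an attacker's code after a server-side code execution bug, obtains a token for the app's managed identity, and a small audit over role assignments (in the shape of `az role assignment list` output) that flags grants wider than one data-plane role on the one IoT Hub the app uses. The endpoint URLs, header names and environment variable names are the documented Azure ones; the sample role assignments, the all-zero subscription id, the hub name and the unsigned test token are constructed for this example and are assumptions, not anything from the page.

```python
"""Added example: managed-identity token acquisition and a blast-radius audit.

Not code from the question or answer above.  Endpoint URLs, environment
variable names and header names are the documented Azure ones; the sample
role assignments and the unsigned test token are constructed for the example.
"""
import base64
import json
import os
import urllib.parse
import urllib.request

# IMDS endpoint used by VMs / VM scale sets (fixed link-local address).
IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"

# Documented audience for the IoT Hub data plane when using Azure AD tokens.
IOT_HUB_RESOURCE = "https://iothubs.azure.net"


def build_token_request(resource, env=None):
    """Return (url, headers) for the managed-identity token endpoint.

    App Service / Functions expose IDENTITY_ENDPOINT and IDENTITY_HEADER to
    the process; VMs use IMDS.  Any code running inside the app, including an
    attacker's after an RCE, can issue this same request, so the token is
    exactly as dangerous as the role assignments behind the identity.
    """
    env = os.environ if env is None else env
    if "IDENTITY_ENDPOINT" in env and "IDENTITY_HEADER" in env:
        query = urllib.parse.urlencode({"resource": resource, "api-version": "2019-08-01"})
        return env["IDENTITY_ENDPOINT"] + "?" + query, {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}
    query = urllib.parse.urlencode({"resource": resource, "api-version": "2018-02-01"})
    return IMDS_TOKEN_ENDPOINT + "?" + query, {"Metadata": "true"}


def get_managed_identity_token(resource, fetch=None, env=None):
    """Fetch an access token for `resource`; `fetch(url, headers)` is injectable for tests."""
    url, headers = build_token_request(resource, env)
    if fetch is None:
        def fetch(url, headers):
            req = urllib.request.Request(url, headers=headers)
            with urllib.request.urlopen(req, timeout=5) as resp:
                return resp.read().decode()
    return json.loads(fetch(url, headers))["access_token"]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def make_unsigned_jwt(claims):
    """Build an UNSIGNED JWT (alg=none) purely so the example can run offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def decode_jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only, never for authz)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


# Roles that let an identity manage (create/modify/delete) resources rather than just use them.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def scope_level(scope):
    """Classify an ARM scope string: managementGroup, subscription, resourceGroup or resource."""
    parts = [p for p in scope.split("/") if p]
    if parts[:2] == ["providers", "Microsoft.Management"]:
        return "managementGroup"
    if "resourceGroups" not in parts:
        return "subscription"
    if "providers" not in parts:
        return "resourceGroup"
    return "resource"


def audit_role_assignments(assignments):
    """Flag assignments wider than one data-plane role on the one resource the app uses.

    Input shape mirrors the roleDefinitionName/scope fields of `az role assignment list`.
    """
    findings = []
    for a in assignments:
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        if role in BROAD_ROLES:
            findings.append(f"{role} at {level} scope: a compromised app could manage resources, not just use them")
        elif level != "resource":
            findings.append(f"{role} at {level} scope: grant it on the single resource instead")
    return findings


SAMPLE_ASSIGNMENTS = [  # constructed for the example, not from a real subscription
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"roleDefinitionName": "IoT Hub Data Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-iot"
              "/providers/Microsoft.Devices/IotHubs/hub-demo"},
]

if __name__ == "__main__":
    for finding in audit_role_assignments(SAMPLE_ASSIGNMENTS):
        print("FINDING:", finding)
```

The second sample assignment is the least-privilege shape the answer is pointing at: the built-in IoT Hub Data Contributor role scoped to the hub's own resource id, which is what `az role assignment create --role "IoT Hub Data Contributor" --scope <hub resource id> --assignee-object-id <identity principal id> --assignee-principal-type ServicePrincipal` produces. With that in place, a token stolen through the identity endpoint lets an attacker talk to that hub and nothing else; the first sample (Contributor at subscription scope) is the "all the permissions in the world" case.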