Reputation: 14596
I have created an ASP.NET API that accesses KeyVault to get secrets.
When I run locally on my laptop, I use Managed Identity to access KeyVault with a dedicated Service Principal (with AZURE_CLIENT_ID, AZURE_CLIENT_SECRET and AZURE_TENANT_ID set in my system environment variables).
This is working just fine.
Now I have created a VM in Azure to be used as a developer machine. All the tools are installed and configured like they are on my laptop.
But when I run the web API I get a 403 telling me the object ID #### does not have Get/List access to KeyVault. I've checked and the object ID matches the one of the VM. Indeed the VM does not have this access to KeyVault, however I'd expect the Web API to run with the configured AZURE_CLIENT_ID in my environment variables.
Am I missing something?
Upvotes: 0
Views: 169
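An added example (not code from the question or the answer) showing how to pin the API to the service principal from the three environment variables instead of letting the credential chain fall through to the VM's own identity. It assumes the API uses Azure.Identity with a SecretClient, and that the variables are visible to the process hosting the API; the vault URL is a placeholder.

```csharp
// Added example, not the question's or answer's code. Assumes Azure.Identity and
// Azure.Security.KeyVault.Secrets are referenced and that AZURE_CLIENT_ID,
// AZURE_CLIENT_SECRET and AZURE_TENANT_ID are set for the process hosting the API.
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

static class KeyVaultClientFactory
{
    // Placeholder vault URL; substitute the real vault address.
    const string VaultUrl = "https://<your-vault-name>.vault.azure.net/";

    // Fails fast if any of the three variables is missing from THIS process's environment.
    // A variable set for the interactive user is not necessarily inherited by the process
    // that hosts the API, so this is the first check when the VM's object ID appears in a 403.
    static void RequireEnvironmentVariables()
    {
        foreach (var name in new[] { "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID" })
        {
            if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable(name)))
                throw new InvalidOperationException($"{name} is not set for this process");
        }
    }

    // Uses only the service principal from the environment variables. There is no fallback
    // to the VM's managed identity, so a missing or wrong value surfaces as a credential
    // error at startup rather than as a 403 under an unexpected identity.
    public static SecretClient CreateWithEnvironmentCredential()
    {
        RequireEnvironmentVariables();
        return new SecretClient(new Uri(VaultUrl), new EnvironmentCredential());
    }

    // Alternative: keep DefaultAzureCredential but remove the managed identity step from
    // its chain, so the environment-variable service principal is the identity that is used.
    public static SecretClient CreateWithDefaultChainWithoutManagedIdentity()
    {
        RequireEnvironmentVariables();
        var options = new DefaultAzureCredentialOptions { ExcludeManagedIdentityCredential = true };
        return new SecretClient(new Uri(VaultUrl), new DefaultAzureCredential(options));
    }
}
```

Either factory method can replace the existing SecretClient construction in the API; the startup check makes the environment-variable problem visible before any KeyVault call is attempted.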
Reputation: 3505
Ensure get/list operations are selected/enabled in the access policy created for your managed identity/service principal:
Upvotes: 0