Reputation: 93
Can you assign a user Managed Identity for individual functions in a Function App?
I'm in the process of creating some functions inside an Azure Function app to perform some internal tasks. Our general principle of authenticating Azure resources is to use Managed Identities wherever possible with the minimum set of permissions required for the resource to perform its duties. I have several functions inside the app which perform different tasks and therefore require a different set of permissions. For example:
- Function 1 moves a file inside a Storage Account file share
- Function 2 regenerates a secret inside Key Vault
Is it possible to assign a user-assigned managed identity to individual functions? If not, how could one go about implementing this kind of behaviour without assigning multiple identities to the function app itself? Thanks.
Upvotes: 1
Views: 310
Answers (1)
Reputation: 18387
No, the managed identity is assigned at the Function App Level.
if you need such granularity, you'd better separate your functions into different Azure Function Apps.
Upvotes: 2
Related Questions
- Unable to use 'User-managed identity' with Azure Function App
- Azure - System Assigned Managed Identities for Function App
- How to protect an Azure Function with System assigned Managed Identity
- User assigned managed identity with azure function - is it possible?
- Can you use a Managed Identity to access an Azure Function from an Azure App Service?
- Azure Function App Chaining Authorisation
- Azure functions: Multiple functions with different authentication
- Can Managed Identity of a Azure Function have access across multiple subscriptions?
- Azure Function Authorization
- Custom authorisation of an Azure Function