Patrick
Reputation: 2208
Use user assigned managed identity for Azure VM with proxy
We created an Azure VM with a user-assigned managed identity as described here.
The following environment variable was exported, so the Azure CLI uses a proxy (direct internet connection is blocked in our subnet).
export http_proxy="http://proxy.local:111"
export https_proxy="http://proxy.local:111"
Now I would like to use az login --idenity to login to Azure with the assigned managed identity.
Unfortunately, I receive all the time the following message:
Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned http error: 400, reason: Bad Request
Upvotes: 2
Views: 1134
Answers (1)
Patrick
Reputation: 2208
Using az login --identity --verbose --debug we observed, that az login --identity performers the following call:
...
urllib3.connectionpool: http://proxy.local:111 "GET http://169.254.169.254/metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 HTTP/1.1" 400 68
...
Because of the proxy settings, az login --identity is trying to connect to 169.254.169.254 over the configured proxy, which will not work. Setting export no_proxy="169.254.169.254" resolved the issue.
Upvotes: 2
Related Questions
- Proxy authentication for Azure CLI
- Using Azure Managed Identity in a Docker container running on an Azure VM
- Can't use Managed Service identity (MSI) for App Service deployment with hosted Microsoft agent
- Using Managed Identity in Azure Pipelines: GetUserAccessToken: Failed to obtain an access token of identity. AAD returned silent failure
- How to get an Azure MSI access token for a specific user assigned identity on a VM/VMSS?
- Azure - assign managed identity access to VM before setup
- How to configure azure-cli behind a corporate proxy on Windows
- How do I specify a user-assigned managed identity in Azure API Management
- Use Azure Managed Identities for service to service calls
- User Managed Identity - how to authenticate using c#