Reputation: 15
Replicate Azure Virtual Machine Managed Identity configuration REST API with PowerShell Invoke-RestMethod
I recently received helpful guidance on enabling both system-assigned and user-assigned managed identities for an Azure Virtual Machine (VM) through REST API calls. Now, I'm seeking assistance to replicate this process using PowerShell's Invoke-RestMethod.
Here's the REST API call I used to achieve this:
PATCH https://management.azure.com/subscriptions/<SUBSCRIPTION
ID>/resourceGroups/<RESOURCE
GROUP>/providers/Microsoft.Compute/virtualMachines/<VM
NAME>?api-version=2017-12-01 HTTP/1.1
{
"identity":{
"type":"SystemAssigned,UserAssigned",
"identityIds":[
"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/<RESOURCE
GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER
ASSIGNED IDENTITY NAME>"
]
}
}
Could someone assist me in translating this into a PowerShell script using Invoke-RestMethod? Specifically, I need guidance on how to incorporate the authentication using a service principal, constructing the JSON payload, and making the PATCH request.
Any help or examples would be greatly appreciated. Thank you!
Upvotes: 1
Views: 207
Answers (1)
Reputation: 22597
You can make use of below PowerShell script to enable both identities by calling REST API with Invoke-RestMethod:
# Authentication
$tenantId = "tenantId"
$clientId = "appId"
$clientSecret = "secret"
$tokenEndpoint = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = @{
"grant_type" = "client_credentials"
"client_id" = $clientId
"client_secret" = $clientSecret
"resource" = "https://management.azure.com/"
}
$response = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -Body $body
$accessToken = $response.access_token
# Define variables
$subscriptionId = "subId"
$resourceGroup = "Sri"
$vmName = "testvm"
$userAssignedIdentityName = "testusermi"
$apiVersion = "2017-12-01"
# Construct JSON payload
$jsonPayload = @{
"identity" = @{
"type" = "SystemAssigned,UserAssigned"
"identityIds" = @(
"/subscriptions/$subscriptionId/resourcegroups/$resourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$userAssignedIdentityName"
)
}
} | ConvertTo-Json
# Construct PATCH URL with formatted vmName
$patchUrl = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Compute/virtualMachines/{0}?api-version=$apiVersion" -f $vmName
# PATCH request
$result = Invoke-RestMethod -Method Patch -Uri $patchUrl -Headers @{
"Authorization" = "Bearer $accessToken"
"Content-Type" = "application/json"
} -Body $jsonPayload
$result
Response:
When I checked the same in Portal, both identities enabled successfully in Azure virtual machine as below:
System assigned managed identity:
User assigned managed identity:
Upvotes: 0
Related Questions
- Enable both system-assigned and user assigned identities to Azure Virtual Machine simultaneously in single REST API call
- Access Azure cost management API data from Azure Data Factory using managed identity
- Azure REST API retrieve GPU memory size
- How to "parse" Azure resource id object with powershell
- Azure Powershell : Find the creator of a virtual machine
- Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel
- Azure Invoke-AzureRmVMRunCommand - Run command extension execution is in progress
- can I change Os profile in existing virtual machine using azure vm rest api (PUT)?
- How to Create a Powershell Script to Create Azure API Management Resource