How to Leverage Managed Identity for Azure VM Run Commands
In my previous article, when playing around with Set-AzVMRunCommand in Azure, I used a SAS token URI to download the script and return its output to an Azure Storage Account.
While SAS token URIs have their place, Managed Identities eliminate the need to rotate tokens and improve the security posture, since no credentials or tokens are exposed: access is granted instead by an RBAC role assignment on the storage account, which can be audited and revoked centrally.
However, I soon found out that Set-AzVMRunCommand does not support Managed Identities (yet?).
Slightly dissatisfied, I kept looking to see whether it was possible at all, and guess what, the documentation pointed me in the right direction.
Set-AzVMRunCommand simply doesn’t expose a parameter for it; instead you have to fall back to the lovely Invoke-AzRestMethod cmdlet and call the Run Command REST API directly. Let’s see how you can do it.
Setting Up System-assigned Managed Identity for Azure VM
A System-assigned Managed Identity is tied to the lifecycle of the VM itself: it exists only while the VM does, and when the VM is deleted the identity is removed automatically, so there is nothing to clean up. The trade-off is that it cannot be shared: a User-assigned identity can be attached to several VMs, which is the usual reason to pick that one instead. Depending on your scenario, the System-assigned identity is therefore the simpler one to implement.
The following example enables the System-assigned Managed Identity on a VM using PowerShell.
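The listing below is an added example (not the article’s own code) that goes one step further than this paragraph: it enables the System-assigned identity as described, grants it blob access on the storage account in place of a SAS token, and then creates the run command through Invoke-AzRestMethod, the route the introduction says you have to take. The resource group, VM, storage account and blob URLs are placeholder assumptions, as is the 2023-03-01 API version; the `scriptUriManagedIdentity`, `outputBlobManagedIdentity` and `errorBlobManagedIdentity` properties are those of the Microsoft.Compute run command REST API.

```powershell
# Added example for this article, not the author's own listing.
# Assumes: Az.Accounts, Az.Compute, Az.Resources and Az.Storage are installed, you are
# signed in (Connect-AzAccount) with rights to change the VM and assign roles, and the
# names below (resource group, VM, storage account, blob paths) are placeholders.
$resourceGroup      = 'rg-demo'
$vmName             = 'vm-demo'
$storageAccountName = 'stdemo'
$runCommandName     = 'mi-demo'

# 1. Enable the system-assigned identity. Setting -IdentityType to SystemAssigned on a
#    VM that already carries user-assigned identities would drop them, so keep those.
$vm = Get-AzVM -ResourceGroupName $resourceGroup -Name $vmName
$userAssigned = @()
if ($vm.Identity -and $vm.Identity.UserAssignedIdentities) {
    $userAssigned = @($vm.Identity.UserAssignedIdentities.Keys)
}
if ($userAssigned.Count -gt 0) {
    Update-AzVM -ResourceGroupName $resourceGroup -VM $vm `
        -IdentityType SystemAssignedUserAssigned -IdentityId $userAssigned | Out-Null
} else {
    Update-AzVM -ResourceGroupName $resourceGroup -VM $vm -IdentityType SystemAssigned | Out-Null
}

# Read it back: PrincipalId is the object ID the role assignment below targets.
$vm = Get-AzVM -ResourceGroupName $resourceGroup -Name $vmName
$principalId = $vm.Identity.PrincipalId
"VM identity: type=$($vm.Identity.Type) principalId=$principalId"

# 2. Grant the identity blob access on the storage account instead of minting a SAS.
#    Storage Blob Data Contributor covers both reading the script and writing output.
$storage = Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageAccountName
New-AzRoleAssignment -ObjectId $principalId `
    -RoleDefinitionName 'Storage Blob Data Contributor' -Scope $storage.Id | Out-Null
# Role assignments take a short while to propagate; if the run command fails with a
# 403 from storage right after this step, simply retry it.

# 3. Create the run command through the REST API with Invoke-AzRestMethod.
#    An empty object for the *ManagedIdentity properties means "use the VM's
#    system-assigned identity"; a user-assigned one would be @{ clientId = '<guid>' }.
$subscriptionId = (Get-AzContext).Subscription.Id
$path = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
        "/providers/Microsoft.Compute/virtualMachines/$vmName" +
        "/runCommands/${runCommandName}?api-version=2023-03-01"

$blobBase = "https://$storageAccountName.blob.core.windows.net"
$body = @{
    location   = $vm.Location
    properties = @{
        source = @{
            scriptUri                = "$blobBase/scripts/collect.ps1"
            scriptUriManagedIdentity = @{}
        }
        outputBlobUri             = "$blobBase/results/$runCommandName-output.txt"
        outputBlobManagedIdentity = @{}
        errorBlobUri              = "$blobBase/results/$runCommandName-error.txt"
        errorBlobManagedIdentity  = @{}
        timeoutInSeconds          = 600
    }
} | ConvertTo-Json -Depth 6

$response = Invoke-AzRestMethod -Method PUT -Path $path -Payload $body
if ($response.StatusCode -notin 200, 201) {
    throw "Run command PUT failed: HTTP $($response.StatusCode) $($response.Content)"
}

# 4. Poll the instance view until the script has finished, then show the result.
#    The output and error blobs are written by the VM's identity, no SAS involved.
do {
    Start-Sleep -Seconds 10
    $status = Invoke-AzRestMethod -Method GET -Path ($path + '&$expand=instanceView')
    $view   = ($status.Content | ConvertFrom-Json).properties.instanceView
} while ($view.executionState -in 'Pending', 'Running')
$view | Select-Object executionState, exitCode, output, error
```

Two things worth checking when this misbehaves: the role assignment must be on the storage account (or a narrower container scope) that both the script URI and the output URIs point at, and the blob URLs must be plain `https://` URLs with no SAS query string appended, otherwise the service uses the SAS rather than the identity.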