...
| Table of Contents | ||||
|---|---|---|---|---|
|
Overview
Snaps in the Binary Snap Pack use the Azure portal to access endpoint applications. You can Binary Snaps that integrate with Azure Storage Blob service to access Azure resources use the SAS URI or Access key authentication. The SnapLogic platform now supports Managed Identities to authenticate Azure accessBlob Storage service. However, Managed Identities provide credentialless access to Azure. There are of two types of Managed Identities: System-Assigned Managed Identity and User-Assigned Identity. The System-Assigned identity can be
System assigned managed identity: A resource created and managed by Azure for an Azure resource, such as a virtual machine or a web app, and is mapped to a single virtual machine
...
.
User assigned managed identity: Resource created as a stand-alone Azure resource and is mapped with multiple resources.
...
The procedure of creating Managed identities for a resource Resource group in the Azure portal and linking them to a virtual machine and storage account.
...
Storage account includes the following key steps:
Step 1: Create a Resource group in the Azure portal
Step 2: Create a Storage Account
Step 3: Create a Container in the Storage Account
Step 4: Create a Managed Identity
Step 5: Create a Virtual Machine
Step 6: Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account
Step 7: Link System-Assigned Managed Identity to Virtual Machine and Storage Account
Prerequisites
To assign Azure roles, you must have:
Microsoft.Authorization/roleAssignments/writepermissions, such as Role Based Access Control Administrator or User Access Administrator. Learn more.
Create a Resource group in the Azure portal
Log into the Azure portal.
...
Search for the Resource group from the search bar.
...
Click Create.
...
Specify the Subscription and Resource group and
...
click Next.
...
...
Specify the Name and Value of the Resource group
...
and click Next. The Resource group is created, and the details of the Resource group
...
are displayed.
...
Create a Storage Account
a. Create a storage account under the resource group created.
...
On the Home page of the Azure portal, search for Storage Account in the search bar.
Click +Create. The Create a storage account page is displayed. Click Next.
Select the Default to Microsoft Entra authorization in the Azure portal checkbox and click Next.
...
Continue to click Next with the default settings until the Storage account validates.
...
Click Create. The Storage account deploys successfully.
...
...
...
Create a Container in the Storage Account
a. Navigate to Containers on the left navigation bar.
...
Click the Go to resource button on the Deployment completion page.
Navigate to Containers and click Container.
...
Specify the container name
...
and click Create.
...
d. Click Upload to upload a sample file in the container.
...
Until now, we have a resource group with a storage account within which there is a container.
...
Create a Managed Identity
...
User assigned managed identity
On the Home page of the Azure portal, search for Managed Identities in the search bar. The Managed Identities page displays the list of existing Managed Identities.
...
Click Create.
...
Specify the resource group you created earlier in
...
...
Specify the name of the
...
User Assigned Managed Identity in the Name field.
...
Click Next where TERMS appear.
...
Click Create. The User-assigned
...
Managed Identity is deployed successfully.
...
System assigned managed identity
When you create a virtual machine, Azure automatically creates a system-assigned identity associated with the machine.
Create a Virtual Machine
...
On the home page of the Azure portal, search for Virtual Machine from the search bar.
...
Click Create.
...
Select the
...
Resource group created in
...
...
Specify the name of the virtual machine.
...
Continue to click Next:<>
...
until the virtual machine validation is passed.
...
Click Create. The Generate new key pair pop-up appears.
...
Click the Download private key and create resource
...
button. The deployment is completed.
The private key is not stored and cannot be retrieved if you miss to download the private key.
...
Click the Go to resource button.
...
Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account
...
Navigate to
...
Security > Identity
...
in the left navigation pane.
...
Click the User assigned option.
...
Click Add.
...
Select the Managed identity (that you have created earlier in Step 4) from the User assigned managed identities
...
list.
A single virtual machine can have multiple user-assigned managed identities assigned to it.
...
Click Add
...
. The identity is added to the virtual machine.
...
Navigate to Home.
...
Select the
...
Storage account created in Step 2.
...
Click Access
...
Control (IAM) in the left navigation.
...
Click Add>Add role assignment.
...
Search for the Storage Blob Data Contributor role from the list of roles on the Add role assignment page.
h. Click Next.
i. Choose the Managed identity option in the Assign access to field.
...
t. Navigate to the user-assigned managed identity created in Step 4 from the search bar to obtain the client ID.
...
7. Add System-Assigned Managed Identity to Virtual Machine
a. Click Home.
b. Navigate to Identity under the Security tab on the left navigation.
...
q. Click Select.
r. Click Review + assign.
...
Configure Information Required to Create Your Binary Account
Specify the values required to create a successful Binary Azure Storage Account.
...