In this article, I’ll explain the concepts around Managed Identities in Azure, the different types of managed identities, and how to assign them to a VM. Then we will show how to authenticate Terraform to Azure using the managed identity. Lastly, we will configure an Application Gateway to use a managed identity in order to access secrets in an Azure Key Vault.

What is a managed identity?

Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.

Crucially the management of credentials is handled by the managed identity (hence the word managed), and not by the application or the developer.

Using Managed Identities to Authenticate with Terraform

You can use a _system-assigned _managed identity to authenticate when using Terraform. The managed identity will need to be assigned RBAC permissions on the subscription, with a role of either Owner, or both Contributor and User access administrator.

Azure Application Gateway and Key Vault with Managed Identity in Terraform

Manged identities can also be created and managed using Terraform and then assigned a role. These can then be tied to a resource, like a VM or Application Gateway.

#azure-devops #azure-managed-identities #azure-active-directory #azure #terraform