How to use Managed Identities to access Azure resources securely

Рет қаралды 29,640

Күн бұрын

HOW TO USE MANAGED IDENTITIES TO ACCESS AZURE RESOURCES SECURELY - Learn how to use Azure Active Directory’s Managed Identities to access cloud resources securely.
Having a crisis of Azure identity? You’d be surprised all the places in Azure where you can make use of Microsoft’s identity tools. In this episode of #KnowOps, Dana shows us the magic of Azure Managed Identities, as well as how to use them to safely use secrets inside of a Linux instance.
--
Continue the conversation on social media using the hashtag #knowops. Or join our private LinkedIn group at / 13754782
We 💖 #azops
#azure #itops #knowops

Пікірлер: 43

@DanaEpp 4 жыл бұрын

Thanks for watching this week's episode. My sincere apologies for the poor audio in the screencast portion. My good mic died and I had to use the actual source from the Surfacebook, which isn't anywhere near as good. We tried to clean it up, but I know its not ideal. No matter though... I am still able to show how sweet managed identities are!!! Hope you like it!

@ketanmehta3058 2 жыл бұрын

not a major issue... love the background music.

@wilsongottineto6479 2 ай бұрын

It's also awesome to see Managed Identities working on K8s too. :)

@LyubomirDimitrovSilverbackbg Жыл бұрын

You are too good to be truth. Such a detailed and logical step by step explanation is close to impossible to be found nova days. Thank you, and I hope one day you start your channel once again.

@KDOERAK 3 жыл бұрын

great video: short, to the point and practical - thx!

@shinojzacharias6050 3 жыл бұрын

Thanks for this great video. A very clear and useful video to understand managed identities in Azure.

@cazanu4209 4 жыл бұрын

Very helpful, thank you for the great guides. :)

@mike7243 3 жыл бұрын

Great Video. Definitely a keeper. Unfortunately this is way over my head. Not sure how long you've been doing this but damn your good. I understand its value but creating and managing it will take me sometime to learn well. Thanks for all your videos.

@adri144n 4 жыл бұрын

Thanks for this, very clear and helpful. As a remark: don't switch mid-way from CLI to UI, now I'm stuck with half the commands to do this. (Or if you do switch over in the video to UI, mention that the commands can be found in the description/some website/...)

@LtW00dy 4 жыл бұрын

Great video. thanks for sharing.

@isc1971 3 жыл бұрын

Clear presentation and very useful....

@ashwinisidhu 3 жыл бұрын

Brilliant as usual🙌

@eugenelipsky2660 4 жыл бұрын

Thanks. This was very helpful.

@baishakh 4 жыл бұрын

Learned something new. Thanks

@ZeeshanKhan-ld2ff 3 жыл бұрын

nice demo, thanks a lot.

@ovinophile 3 ай бұрын

Great content here. Just sad that Dana got taken by the Covid 😢

@Drive_2Survive 2 жыл бұрын

Very useful

@asharnavya 4 жыл бұрын

Sir, I am new to Azure DevOps, this designation is quite new. I have a question, can we fetch servicePrincipaID using the Managed identity or Uploaded certificate (.cer) using PowerShell? If Yes, then please lead me.

@hochun836 2 жыл бұрын

Awesome !!

@HoundDogZA 2 жыл бұрын

I'm now just wondering how assigning a UAMI to the Linux VM in ARM suddenly gives you access to the token inside the VM. I imagine it's some Azure agent/service or something that passes it through, but I am curious.

@sidzhang 4 жыл бұрын

I LOVE your video bro

@sau002 3 жыл бұрын

Greate video.

@ashishmishra672 4 жыл бұрын

You're the best

@joseluischiletrojas8135 3 жыл бұрын

Good vídeo 👍

@ashwaniahuja 4 жыл бұрын

Nice contents in your videos thanks

@KnowOps 3 жыл бұрын

Glad you like them!

@BijouBakson 4 жыл бұрын

Azure Academy can learn a trick or 2 from you sir! Just one remark if you don't mind: The videos in the playlist are in no particular order, this is actually the first video and from the sound of it, there are obviously previous lessons. Perhaps you might consider rearranging the content of the play list?

@KnowOps 4 жыл бұрын

That's great feedback. We'll look into.

@edburns00 3 жыл бұрын

New subscriber here. I like your presentation style.

@KnowOps 3 жыл бұрын

Thanks Ed!

@mohdansari3607 4 жыл бұрын

How to get the activity log of the Managed identity? for example, if MI is used to access secret in KV, how to get it logged...

@KnowOps 3 жыл бұрын

Take a look at the AADManagedIdentitySignInLogs object for Azure Monitor at docs.microsoft.com/en-us/azure/azure-monitor/reference/tables/aadmanagedidentitysigninlogs

@sau002 3 жыл бұрын

Please help me understand. At 9:04 , after you assigned the Managed Identity to the Linux VM and then did a CURL operation to fetch the access token , how did MS authenticate the HTTP request that originated due to CURL ?

@KnowOps 3 жыл бұрын

Hey Saurabh, a good place to start to learn how the Azure metadata service exposed at 169.254.169.254 works would be to check out this article: docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token

@KnowOps 3 жыл бұрын

Another article that showcases more info on what is exposed from the metadata service is at docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service

@zabeehullah3673 3 жыл бұрын

hi how can i leverage the managed identity when my resource is in another tenant and my azure AD is in separate tenant?

@KnowOps 3 жыл бұрын

Well, if the identities are across tenants you will have a hard time. While you can federate between directories, that's not something you would use with managed identities. What exactly are you wanting to accomplish?

@birdhousepi1154 3 жыл бұрын

Thanks. Can you do a video of how to use managed identities correctly within a devops pipeline? I see you can create a service connection for Azure Resource Manager which allows the Managed Identity option but it doesn't allow me to specify which managed identity I want to use. I'm very confused.

@goon8000 3 жыл бұрын

You need a service principal

@ivanfarias1 2 жыл бұрын

hi Dana, thanks for sharing this super useful!! what is the terminal you use for Azure cli?

@DanaEpp 2 жыл бұрын

Hey Ivan, I use the “Windows Terminal” from Microsoft, which you can download for free from the Microsoft Store. It supports a cmd shell, PowerShell and even Azure CloudShell. I also use it with WSL so I have a full bash environment. HTH!