VM Using Managed Identity for Artifact Download

This template shows how to download artifacts for the Virtual Machine's custom script extension using a user-assigned managed identity. This approach does not require a sasToken or public access to download the artifacts.

The typical pattern in this repo (for all artifacts) is to stage the artifacts and create a sasToken during deployment. This sample instead expects the artifacts to be staged before deployment, and the managed identity must have Storage Blob Data Reader access to the storageAccount. Staging the artifacts and granting access to them are distinct from the deployment of the template.

Note that the managed identity must be assigned to the VM as well as specified on the extension resource in protectedSettings.
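The two places the identity has to appear, as an added Bicep example that is not this template's own code. The parameter names, the VM size and image, and the script name `install.ps1` are assumptions; the identity is expected to exist already and to hold Storage Blob Data Reader on the storage account.

```bicep
// Added example: parameter names, VM size/image and script name are assumptions.
param location string = resourceGroup().location
param vmName string
param adminUsername string
@secure()
param adminPassword string
param nicId string        // resource ID of an existing network interface
param identityName string // existing identity with Storage Blob Data Reader
param scriptUri string    // blob URL of the pre-staged script, no SAS token appended

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' existing = {
  name: identityName
}

resource vm 'Microsoft.Compute/virtualMachines@2023-03-01' = {
  name: vmName
  location: location
  // 1) Assign the identity to the VM so the extension can request a token for it.
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: { '${uami.id}': {} }
  }
  properties: {
    hardwareProfile: { vmSize: 'Standard_D2s_v3' }
    osProfile: { computerName: vmName, adminUsername: adminUsername, adminPassword: adminPassword }
    storageProfile: {
      imageReference: { publisher: 'MicrosoftWindowsServer', offer: 'WindowsServer', sku: '2022-datacenter', version: 'latest' }
      osDisk: { createOption: 'FromImage' }
    }
    networkProfile: { networkInterfaces: [ { id: nicId } ] }
  }
}

resource cse 'Microsoft.Compute/virtualMachines/extensions@2023-03-01' = {
  parent: vm
  name: 'cse'
  location: location
  properties: {
    publisher: 'Microsoft.Compute'
    type: 'CustomScriptExtension'
    typeHandlerVersion: '1.10'
    protectedSettings: {
      fileUris: [ scriptUri ]
      commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File install.ps1'
      // 2) Name the same identity here; without it the download is attempted anonymously.
      managedIdentity: { clientId: uami.properties.clientId }
    }
  }
}
```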

The output of the deployment shows a directory listing of the downloaded files.

For more information on this approach see Custom Script Extension for Windows.

Tags: Microsoft.Network/publicIPAddresses, Microsoft.Network/virtualNetworks, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, UserAssigned, Microsoft.Compute/virtualMachines/extensions, CustomScriptExtension