Home / server / Questions / 1135150
Accepted
Sudheer Satyanarayana
Asked: 2023-06-29 17:49:34 +0800 CST

Allow Azure VM To Access Storage Container Without AAD

  • 772

I have a subscription, resource group and a VM. Let's call this VM as vm-01.

From the VM, I want to access Azure Storage containers and objects. I have installed the Azure CLI on this Linux VM.

Is it possible to access the storage service from the VM by using RBAC? I want execute commands like:

az storage container list

The documents I have read all point to using Azure Active Directory. I do not have Azure Active Directory service for this subscription and resource group.

I was thinking I could create a custom role and assign it to the VM. I was able to create the custom role and provide the required storage permissions to the role. However, I am not able to assign the custom role to the VM. In the Azure console, I see only options to assign the Azure Managed identities.

azure

1 Answers

  1. Best Answer

    You need to do the following:

    1. Create a user assigned managed identity
    2. Give this managed identity proper permissions on the storage account (such as "Storage Account Contributor"
    3. Assign this managed identity on your VM
    4. Authenticate to AZ cli using the following command
    az login --identity

    Once that's done, you should be able to make API calls on the storage account (such as az storage container list) after authenticating using the managed identity.

    Here's the official docs.

    • 0