ARM Deployment service to use a managed service identity to access template/config blobs within a storage account.

Austin Ayers 21 Reputation points
2021-11-03T17:45:43.453+00:00

Does anyone have any guidance or experience using hosted files for the Deployment template and configs. We are currently using a storage account with SAS token as parameters during the deployment...
Is it possible for the ARM Deployment service to use a delegated or application identity to access the template/config blobs within the storage account. therefore eliminating the need for SAS token management?

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/secure-template-with-sas-token?tabs=azure-powershell

Azure Managed Applications
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.
112 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,111 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
0 comments
Accepted answer
  1. Stanislav Zhelyazkov 20,781 Reputation points MVP
    2021-11-04T07:46:49+00:00

    Hi,
    It is not possible. Either you need SaS token or the files to be public. If you want to get rid of the storage account at all you can publish your templates as template specs and deploy them from template spec rather locally.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest