How to connect AKS generated UMI to Azure SQL Database?

ibocon 31 Reputation points
2022-07-08T05:10:48.903+00:00

How to connect AKS generated UMI to Azure SQL Database?

Connection String in Key Vault, 

   Server=tcp:sqlserver.database.windows.net,1433;Initial Catalog=sample;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication=Active Directory Managed Identity;User Id=00000001-0002-0003-0004-000000000005;

Managed Identity is created by AKS. I assigned Owner role of Azure SQL Database.

218832-image.png

I am getting log like below.

What should do?

218773-image.png

Azure SQL Database
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,877 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vidya Narasimhan 2,201 Reputation points Microsoft Employee
    2022-07-11T17:01:31.193+00:00

    Hi @ibocon

    SQL DB Contributor role allows an identity to manage the SQL Server but does not give the access to the data contained with the databases.
    You need to create a contained db user in Azure SQL database and grant permissions as per the link below:
    https://learn.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-sql-database?tabs=windowsclient%2Cef%2Cdotnet#grant-permissions-to-managed-identity

    1 person found this answer helpful.
    0 comments
  2. ibocon 31 Reputation points
    2022-07-13T06:42:59.92+00:00

    Hi @Vidya Narasimhan

    I followed your instruction and getting below error.

    220249-image.png

    I cannot understand why I do not have permission...

    220196-image.png