Write an Azure ARM Template to give read and write access to a managed Identity for accessing container in a storage account which is in different subscription from the subscription where managed identity is.

Sayantan Gangopadhyay 0 Reputation points
2023-04-11T14:34:24.5633333+00:00

Write an Azure ARM Template to give read and write access to a managed Identity for accessing storage account and as well as container in a storage account which is in different subscription from the subscription where managed identity is..

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,473 questions
{count} votes

1 answer

Sort by: Most helpful
  1. KarishmaTiwari-MSFT 18,627 Reputation points Microsoft Employee
    2023-04-12T06:56:01.3833333+00:00

    @Sayantan Gangopadhyay

    You can add user-assigned managed identity to the resource in another subscription by adding the following to your ARM template.

     "identity": {
                "type": "UserAssigned",
                "userAssignedIdentities": {
                   "/subscriptions/<Azure-subscription-ID>/resourceGroups/<Azure-resource-group-name>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<user-assigned-identity-name>": {}
                }
    

    Here's a sample ARM template that does the same for Azure Logic Apps, instead of storage for your reference: https://learn.microsoft.com/en-us/azure/logic-apps/create-managed-service-identity?tabs=consumption#create-user-assigned-identity-in-an-arm-template

    If you have any questions, let me know in the "comments".

    If this helps, 'Accept answer' and 'mark as helpful' so that it can help others in the community looking for help on the same topic.