I use the Instance profile in Aws to update or edit the instance details. So I want to try the same thing on Azure. Does Azure have an instance profile feature?

Hello @Diksha Singh Azure does not have an instance profile feature like AWS. However, Azure provides a similar feature called Managed Service Identity (MSI) that allows you to authenticate to Azure services without the need for credentials in your code. MSI provides an automatically managed identity in Azure Active Directory (Azure AD) that can be used to authenticate to any service that supports Azure AD authentication. like the following Aure services such as Azure Key Vault, Azure Resource Manager, and Azure Storage. To use MSI, you can retrieve the access token from the Azure Instance Metadata Service (IMDS) endpoint, which is similar to the AWS Instance Metadata Service. The IMDS endpoint provides information about the Azure VM instance, including the MSI endpoint and the access token. Here is an example of how to retrieve the access token from the IMDS endpoint using PowerShell: $accessToken = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" -Headers @{Metadata="true"} -Method GET -UseBasicParsing In this example, the $accessToken variable contains the access token that can be used to authenticate to Azure services that support Azure AD authentication. Note that not all Azure services support MSI, so you will need to check the documentation for each service to see if it is supported. Also, MSI is not a feature of Azure VMs by default, so you will need to enable it on the VM using the Azure portal, Azure CLI, or PowerShell. If this does answer your question, please accept it as the answer as a token of appreciation.

Is Azure supports instance profile like AWS?

Accepted answer

Prrudram-MSFT 23,211 Reputation points

2023-05-09T09:35:56.5633333+00:00
Hello @Diksha Singh

Azure does not have an instance profile feature like AWS. However, Azure provides a similar feature called Managed Service Identity (MSI) that allows you to authenticate to Azure services without the need for credentials in your code. MSI provides an automatically managed identity in Azure Active Directory (Azure AD) that can be used to authenticate to any service that supports Azure AD authentication. like the following Aure services such as Azure Key Vault, Azure Resource Manager, and Azure Storage.

To use MSI, you can retrieve the access token from the Azure Instance Metadata Service (IMDS) endpoint, which is similar to the AWS Instance Metadata Service. The IMDS endpoint provides information about the Azure VM instance, including the MSI endpoint and the access token.

Here is an example of how to retrieve the access token from the IMDS endpoint using PowerShell:

$accessToken = Invoke-RestMethod -Uri "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" -Headers @{Metadata="true"} -Method GET -UseBasicParsing

In this example, the $accessToken variable contains the access token that can be used to authenticate to Azure services that support Azure AD authentication.

Note that not all Azure services support MSI, so you will need to check the documentation for each service to see if it is supported. Also, MSI is not a feature of Azure VMs by default, so you will need to enable it on the VM using the Azure portal, Azure CLI, or PowerShell.

If this does answer your question, please accept it as the answer as a token of appreciation.
Please sign in to rate this answer.
Diksha Singh 60 Reputation points

2023-05-11T10:13:07.6466667+00:00

@Prrudram-MSFT Thanks. I just want to change the secondary IP of the Azure VM, I can do it with MSI?

In AWS I am using the Boto3 package.

Prrudram-MSFT 23,211 Reputation points

2023-05-11T11:50:59.31+00:00

Diksha Singh

No, Azure Managed Service Identity (MSI) is not used for configuring the network interfaces of Azure virtual machines.

To change the secondary IP of an Azure virtual machine, you can use Azure PowerShell or Azure CLI. Here's an example of how to change the secondary IP of a network interface using Azure PowerShell.

You can use the following Azure CLI approach to change the secondary IP of a network interface. Here's an example:

az network nic ip-config update --name ipconfig2 --nic-name nic-name --resource-group resource-group-name --private-ip-address new-secondary-ip

This example updates the IP configuration named "ipconfig2" for the network interface named "nic-name" in the resource group "resource-group-name" and sets the private IP address to "new-secondary-ip".

Note that you will need to have the appropriate permissions to modify the network interface configuration

Diksha Singh 60 Reputation points

2023-05-15T05:58:23.4966667+00:00

Thanks, Prrudram-MSFT. In AWS, I tried changing the secondary IP address using the instances profile and boto3 package, which worked for me.

Same things how can achieve using Managed Service Identity (MSI)?

I know with Azure Active Directory (AAD) we can achieve this but we need to same the credentials.

Any Idea how do this?

Diksha Singh 60 Reputation points

2023-05-15T05:59:30.5966667+00:00

I don’t want to use Azure CLI.

Prrudram-MSFT 23,211 Reputation points

2023-05-31T05:38:46.2266667+00:00

Diksha Singh

I'm sorry, but I'm not sure I understand your question completely. Are you asking how to change the secondary IP address of an Azure virtual machine using Managed Service Identity (MSI)?

AFAIK, to use MSI to change the secondary IP address of an Azure virtual machine, you can use the Azure REST API or Azure PowerShell. Here are the high-level steps:

Enable MSI on the virtual machine.

Assign a role to the MSI that has the necessary permissions to modify the virtual machine's network interface.

Use MSI to authenticate Azure and obtain an access token.

Use the access token to call the Azure REST API or Azure PowerShell cmdlets to modify the virtual machine's network interface.

For further help, I would recommend you open an azure support case. If you don't have the ability to open a technical support ticket, please let me know and I can help you further with this.
Sign in to comment

Share via

Is Azure supports instance profile like AWS?

0 additional answers