How to configure Managed Identity in Azure Function for SQL Database

Question

Currently I am sending queries to a SQL database using an Azure Function. For debugging purposes, right now my configuration in my function consists of my login information for the SQL database, inserting the username and password into the function. I want to allow the Azure Function to access the SQL database without requiring my username and password in the code, so I want to add a managed identity (similar to Azure Storage Blob Contributor) to the Azure Function. That way, no credentials would be needed for the Azure Function to interact with the database. What role would I give it, and are there any extra steps I need to perform? Thank you in advance. Also for reference, I'm using Nodejs.

Answer 1

There's really good documentation here that you can follow : https://learn.microsoft.com/en-us/azure/azure-functions/functions-identity-access-azure-sql-with-managed-identity#grant-sql-database-access-to-the-managed-identity

The key steps

1. Enable Managed Identity on the Function App
2. Add the appropriate SQL Roles. CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER; ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
3. Save the connection string in your Function App AppSettings.