Hi Devesh,
Thanks for reaching out on Microsoft Q&A. Try these steps:
In Azure Container Instances (ACI), you can mount volumes without using storage account keys by leveraging Azure Managed Identities and Azure Files with Azure Role-Based Access Control (RBAC). Here's how you can do this:
Steps to Mount Azure Files in ACI without Storage Account Keys
- Create an Azure Storage Account with a File Share:
- First, create a storage account and a file share in Azure that you want to mount to your container.
- Create a User-Assigned Managed Identity:
- Go to the Azure portal and create a user-assigned managed identity. This identity will be used to access your storage account without requiring storage keys.
- Assign Storage Blob Data Roles:
- Assign your managed identity the
Storage Blob Data Contributor
role (or appropriate role) on the storage account or the specific file share.- Navigate to the Access Control (IAM) tab in your storage account.
- Add a role assignment, search for "Storage Blob Data Contributor," and assign this to the managed identity.
- Assign your managed identity the
- Deploy the ACI with Managed Identity and File Share:
- Deploy your container in ACI with the managed identity attached. Ensure the ACI has the correct RBAC permissions to the storage account for reading or writing to the file share.
- Use the Azure CLI or ARM/Bicep template to create the ACI.
az container create \
--resource-group <your-resource-group> \
--name <your-container-instance-name> \
--image <your-container-image> \
--assign-identity <your-managed-identity-id> \
--azure-file-volume-account-name <your-storage-account> \
--azure-file-volume-share-name <your-file-share> \
--azure-file-volume-mount-path <mount-path> \
--role StorageBlobDataContributor
- Access the Mounted Volume:
- Once deployed, your container should be able to access the Azure File Share using the managed identity's credentials, without needing to provide storage account keys.
Key Benefits:
- Enhanced Security:
You no longer need to handle or distribute storage account keys, reducing the risk of credential exposure.
- RBAC Control: The access is managed by Azure RBAC, providing fine-grained access control.
- Seamless Management: Managed identities automatically rotate credentials and integrate seamlessly with Azure services.
If this answer is helpful, please mark it as the answer and upvote it. If you need any more help, feel free to ask. Thanks!