az containerapp identity

Commands to manage managed identities.

Commands

Name	Description	Type	Status
az containerapp identity assign	Assign managed identity to a container app.	Core	GA
az containerapp identity remove	Remove a managed identity from a container app.	Core	GA
az containerapp identity show	Show managed identities of a container app.	Core	GA

az containerapp identity assign

Assign managed identity to a container app.

Managed identities can be user-assigned or system-assigned.

az containerapp identity assign [--ids]
                                [--name]
                                [--no-wait]
                                [--resource-group]
                                [--subscription]
                                [--system-assigned]
                                [--user-assigned]

Examples

Assign system identity.

az containerapp identity assign -n my-containerapp -g MyResourceGroup --system-assigned

Assign user identity.

az containerapp identity assign -n my-containerapp -g MyResourceGroup --user-assigned myUserIdentityName

Assign user identity (from a different resource group than the containerapp).

az containerapp identity assign -n my-containerapp -g MyResourceGroup --user-assigned myUserIdentityResourceId

Assign system and user identity.

az containerapp identity assign -n my-containerapp -g MyResourceGroup --system-assigned --user-assigned myUserIdentityResourceId

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--system-assigned

Boolean indicating whether to assign system-assigned identity.

default value: False

--user-assigned

Space-separated user identities.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp identity remove

Remove a managed identity from a container app.

az containerapp identity remove [--ids]
                                [--name]
                                [--no-wait]
                                [--resource-group]
                                [--subscription]
                                [--system-assigned]
                                [--user-assigned]

Examples

Remove system identity.

az containerapp identity remove -n my-containerapp -g MyResourceGroup --system-assigned

Remove user identity.

az containerapp identity remove -n my-containerapp -g MyResourceGroup --user-assigned myUserIdentityName

Remove system and user identity (from a different resource group than the containerapp).

az containerapp identity remove -n my-containerapp -g MyResourceGroup --system-assigned --user-assigned myUserIdentityResourceId

Remove all user identities.

az containerapp identity remove -n my-containerapp -g MyResourceGroup --user-assigned

Remove system identity and all user identities.

az containerapp identity remove -n my-containerapp -g MyResourceGroup --system-assigned --user-assigned

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--no-wait

Do not wait for the long-running operation to finish.

default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--system-assigned

Boolean indicating whether to assign system-assigned identity.

default value: False

--user-assigned

Space-separated user identities. If no user identities are specified, all user identities will be removed.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az containerapp identity show

Show managed identities of a container app.

az containerapp identity show [--ids]
                              [--name]
                              [--resource-group]
                              [--subscription]

Examples

Show managed identities.

az containerapp identity show -n my-containerapp -g MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

The name of the Containerapp. A name must consist of lower case alphanumeric characters or '-', start with a letter, end with an alphanumeric character, cannot have '--', and must be less than 32 characters.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.