Creates a function app with managed service identity

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Deploy To Azure Deploy To Azure US Gov Visualize

This template creates a function application on a consumption plan on Windows. It also enables managed identity for the application and returns the principal id as output.

Managed identities in Azure Functions

You can learn more about managed identities and common scenarios in the documentation.

Another common scenario is to grant the managed identity access to either resource groups or subscriptions so that the function has permissions to take action on Azure resources. This is useful when using functions to automate Azure operational tasks.

Grant the managed identity contributor access to the subscription or resource group so it can perform actions

The below command sets the access at the subscription level.

$Context = Get-AzContext
New-AzRoleAssignment -ObjectId <principalId> -RoleDefinitionName Contributor -Scope "/subscriptions/$($Context.Subscription)"

Tasks performed by this template

This template performs the following tasks

  • Creates a storage account to store the functions code.
  • Creates an application insights resource to store logs and metrics for the function.
  • Creates a functions application with managed identity enabled, and running on a consumption plan.

For more information about Azure Functions, see the Azure Functions Overview.

Tags: Microsoft.Web/sites, SystemAssigned, Microsoft.Web/serverfarms, Microsoft.Storage/storageAccounts, Microsoft.Insights/components