Creates a function app with managed service identity
This template creates a function application on a consumption plan on Windows. It also enables managed identity for the application and returns the principal id as output.
Managed identities in Azure Functions
You can learn more about managed identities and common scenarios in the documentation.
Another common scenario is to grant the managed identity access to either resource groups or subscriptions so that the function has permissions to take action on Azure resources. This is useful when using functions to automate Azure operational tasks.
Grant the managed identity contributor access to the subscription or resource group so it can perform actions
The below command sets the access at the subscription level.
$Context = Get-AzContext
New-AzRoleAssignment -ObjectId <principalId> -RoleDefinitionName Contributor -Scope "/subscriptions/$($Context.Subscription)"
Tasks performed by this template
This template performs the following tasks
- Creates a storage account to store the functions code.
- Creates an application insights resource to store logs and metrics for the function.
- Creates a functions application with managed identity enabled, and running on a consumption plan.
For more information about Azure Functions, see the Azure Functions Overview.
Tags: Microsoft.Web/sites, SystemAssigned, Microsoft.Web/serverfarms, Microsoft.Storage/storageAccounts, Microsoft.Insights/components