Jaa

az vmss identity

Manage service identities of a VM scaleset.

Commands

Name Description Type Status
az vmss identity assign

Enable managed service identity on a VMSS.

 Core GA
az vmss identity remove

Remove user assigned identities from a VM scaleset.

 Core Preview
az vmss identity show

Display VM scaleset's managed identity info.

 Core GA

az vmss identity assign

Edit

Enable managed service identity on a VMSS.

This is required to authenticate and interact with other Azure services using bearer tokens.

az vmss identity assign [--identities]
                        [--ids]
                        [--name]
                        [--resource-group]
                        [--role]
                        [--scope]
                        [--subscription]

Examples

Enable system assigned identity on a VMSS with the 'Owner' role.

az vmss identity assign -g MyResourceGroup -n MyVmss --role Owner --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup

Enable system assigned identity and a user assigned identity on a VMSS with the 'Owner' role.

az vmss identity assign -g MyResourceGroup -n MyVmss --role Owner --identities [system] myAssignedId --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup

Enable managed service identity on a VMSS. (autogenerated)

az vmss identity assign --identities readerId writerId --name MyVmss --resource-group MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--role

Role name or id the system assigned identity will have.

--scope

Scope that the system assigned identity can access.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az vmss identity remove

Edit
Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Remove user assigned identities from a VM scaleset.

az vmss identity remove [--identities]
                        [--ids]
                        [--name]
                        [--resource-group]
                        [--subscription]

Examples

Remove system assigned identity

az vmss identity remove -g MyResourceGroup -n MyVmss

Remove 2 identities which are in the same resource group with the VM scaleset

az vmss identity remove -g MyResourceGroup -n MyVmss --identities readerId writerId

Remove system assigned identity and a user identity

az vmss identity remove -g MyResourceGroup -n MyVmss --identities [system] readerId

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--identities

Space-separated identities to remove. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Scale set name. You can configure the default using az configure --defaults vmss=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az vmss identity show

Edit

Display VM scaleset's managed identity info.

az vmss identity show [--ids]
                      [--name]
                      [--resource-group]
                      [--subscription]

Examples

display VM scaleset's managed identity info. (autogenerated)

az vmss identity show --name MyVirtualMachine --resource-group MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

The name of the Virtual Machine. You can configure the default using az configure --defaults vm=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False