Looks like 'Run-as' accounts are retired, so I am trying to use Managed Identity to establish connection to my Azure resources in a Runbook (part of Azure Automation account).
I am following the instructions here: https://learn.microsoft.com/en-us/azure/automation/add-user-assigned-identity#authenticate-access-with-user-assigned-managed-identity
Code:

```powershell
$azureContext = (Connect-AzAccount -Identity -Tenant $tenantId -AccountId $managedIdentityApplicationId).context # Connect to Azure with user-assigned managed identity
$connectionResult = Set-AzContext -Tenant $tenantId -Subscription $subscriptionId -DefaultProfile $azureContext
```
For $managedIdentityApplicationId, I am passing in the ClientId of the User-assigned Managed identity.
Error:
Connect-AzAccount : ManagedIdentityCredential authentication failed: **User assigned identity is currently not supported**
clientID must not be passed in request.
Status: 400 (Bad Request)
What could I be missing here?
Firstly, to connect Az account using managed identities, it is possible to use system assigned as well as user assigned managed identities.
System assigned identity:
I created a new automation account and runbook. Now go to Identity under Account settings and enable System assigned as shown. Now, to make it work without errors, you need to give a permission called Automation Contributor by clicking on the Azure role assignments in the above snap. After it's done, you will be able to connect the Az account with the identity argument as shown below.
Output:
User assigned identity:
Now I created a user assigned identity to connect Az account from automation runbook. Here you need to enable the User Access Administrator role for managing user access to Azure resources. Referring to the MSDoc provided by you, I tried to execute the below given script in my runbook and was able to perform it successfully.
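Putting the two cases from the answer side by side, here is an added runbook fragment (my own example, not the asker's script or the linked Microsoft doc) that signs in with either the system-assigned identity or a user-assigned one, pins the subscription, and verifies the resulting context before any resource work starts. The Automation variable names TenantId and SubscriptionId and the runbook parameter UserAssignedClientId are assumptions; the identity is expected to already hold a role (for example Automation Contributor, as the answer describes) on the target subscription.

```powershell
# Added example: authenticate an Azure Automation runbook with a managed identity.
# Assumed: Automation variables 'TenantId' and 'SubscriptionId' exist, and the
# optional parameter below carries the client id of a user-assigned identity.
param(
    [Parameter(Mandatory = $false)]
    [string] $UserAssignedClientId   # empty => use the system-assigned identity
)

# Fail fast: a silent login failure would otherwise let later cmdlets run unauthenticated.
$ErrorActionPreference = 'Stop'

# Keep the context in-process only; nothing should be persisted to the sandbox disk.
Disable-AzContextAutosave -Scope Process | Out-Null

$tenantId       = Get-AutomationVariable -Name 'TenantId'        # assumed variable name
$subscriptionId = Get-AutomationVariable -Name 'SubscriptionId'  # assumed variable name

if ([string]::IsNullOrWhiteSpace($UserAssignedClientId)) {
    # System-assigned identity: no client id is sent with the token request.
    Write-Output 'Connecting with the system-assigned managed identity'
    $azureContext = (Connect-AzAccount -Identity -Tenant $tenantId).context
}
else {
    # User-assigned identity: -AccountId carries the identity's client id,
    # which is the pattern the question and the linked doc use.
    Write-Output "Connecting with user-assigned identity $UserAssignedClientId"
    $azureContext = (Connect-AzAccount -Identity -Tenant $tenantId -AccountId $UserAssignedClientId).context
}

# Pin the subscription explicitly; an identity may be granted on more than one.
Set-AzContext -Tenant $tenantId -Subscription $subscriptionId -DefaultProfile $azureContext | Out-Null

# Verify who we are and where before touching any resource.
$ctx = Get-AzContext
if ($ctx.Subscription.Id -ne $subscriptionId) {
    throw "Expected subscription $subscriptionId but context is on $($ctx.Subscription.Id)"
}
Write-Output "Authenticated as $($ctx.Account.Id) on subscription '$($ctx.Subscription.Name)'"

# Cheap read-only probe: proves the role assignment is effective without changing anything.
$groups = Get-AzResourceGroup
Write-Output "Identity can see $($groups.Count) resource group(s) in this subscription"
```

Run the runbook without a parameter to exercise the system-assigned path, or pass the user-assigned identity's client id to exercise the other; in both cases the subscription check makes a wrong or missing role assignment surface as an explicit error at the start of the job rather than as a confusing failure later on.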