2
votes

I have enabled the Managed service endpoint for the App Service and am able to see the MSI_ENDPOINT and the MSI_SECRET injected in the environment. I am also able to get the Azure AD access token when invoking the MSI_ENDPOINT. But as per the Azure documentation (https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview), we have to use the IMDS endpoint going forward. When accessing the URL http://169.254.169.254/metadata/identity/oauth2/token properly with the api-version and the metadata via PowerShell, I am getting the error 'unable to connect to the remote server', though I am able to get an access token from the same PowerShell session when hitting the MSI_ENDPOINT, which is http://localhost:xxxx/MSI/token


1 Answer

2
votes

IMDS (Instance Metadata Service) is only available for Azure Virtual Machine and Virtual Machine Scale Set resources. You won't be able to call IMDS from within an App Service. The documentation to migrate from localhost:xxxx to IMDS is only relevant for Virtual Machine and Virtual Machine Scale Set resources.

Here are the docs specific to App Services. Note that MSI_ENDPOINT is used here.
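
The split described in the answer, as an added PowerShell example that is not part of the original answer: it uses the App Service endpoint when MSI_ENDPOINT and MSI_SECRET are injected and falls back to IMDS only otherwise (VM or VM Scale Set). The function names are hypothetical, and the api-version values (2017-09-01 for App Service, 2018-02-01 for IMDS) and the sample resource URI are assumptions not stated on this page.

```powershell
# Added example: pick the managed identity token endpoint by hosting environment.
function Get-ManagedIdentityTokenRequest {
    param(
        [Parameter(Mandatory)][string]$Resource,
        # Defaults to the variables App Service injects; overridable for testing.
        [hashtable]$Environment = @{
            MSI_ENDPOINT = $env:MSI_ENDPOINT
            MSI_SECRET   = $env:MSI_SECRET
        }
    )

    $encoded = [uri]::EscapeDataString($Resource)

    if ($Environment.MSI_ENDPOINT -and $Environment.MSI_SECRET) {
        # App Service: local endpoint, authenticated with the injected secret.
        # The secret goes in a request header, never in the query string.
        return @{
            Uri     = "$($Environment.MSI_ENDPOINT)?resource=$encoded&api-version=2017-09-01"
            Headers = @{ secret = $Environment.MSI_SECRET }
        }
    }

    # VM / VM Scale Set: IMDS, which requires the Metadata header.
    # This address is not reachable from inside an App Service.
    return @{
        Uri     = "http://169.254.169.254/metadata/identity/oauth2/token?resource=$encoded&api-version=2018-02-01"
        Headers = @{ Metadata = 'true' }
    }
}

function Get-ManagedIdentityToken {
    param([Parameter(Mandatory)][string]$Resource)

    $req = Get-ManagedIdentityTokenRequest -Resource $Resource
    try {
        $resp = Invoke-RestMethod -Method Get -Uri $req.Uri -Headers $req.Headers -TimeoutSec 10
    }
    catch {
        # Report which endpoint failed without echoing headers (they hold MSI_SECRET).
        $endpoint = ([uri]$req.Uri).GetLeftPart([System.UriPartial]::Path)
        throw "Managed identity token request to $endpoint failed: $($_.Exception.Message)"
    }
    return $resp.access_token
}

# Usage (resource URI is an assumed sample value); avoid writing the token to logs:
# $token = Get-ManagedIdentityToken -Resource 'https://management.azure.com/'
```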