How to Create Web Site ARM Template with Managed Identity?

Question

I am attempting to create Azure Resource Manager templates for several web sites that read secrets from a key vault. In reading How to use managed identities for App Service and Azure Functions, the documentation states that the web site ARM template should contain the following upon creation for authenticating with a key vault:

"identity": {
   "type": "SystemAssigned"
}

Once the web site is created, the the identity section changes to the following:

"identity": {
   "type": "SystemAssigned",
   "tenantId": "<TENANTID>",
   "principalId": "<PRINCIPALID>"
}

Does this mean that after running the ARM templates to create the web sites that I have to go back into the ARM template(s) and update the identity section for every site so that I can run the ARM templates to update the sites if need be?

4c74356b41 4c74356b41 · Accepted Answer · 2020-04-29T20:08:53

no, you dont have to do that. that is expected. it will not delete that. just rerun it and nothing will change.

How to Create Web Site ARM Template with Managed Identity?

1 Answers