1
votes

I'm in the process of creating some functions inside an Azure Function app to perform some internal tasks. Our general principle of authenticating Azure resources is to use Managed Identities wherever possible with the minimum set of permissions required for the resource to perform its duties. I have several functions inside the app which perform different tasks and therefore require a different set of permissions. For example:

  • Function 1 moves a file inside a Storage Account file share
  • Function 2 regenerates a secret inside Key Vault

Is it possible to assign a user-assigned managed identity to individual functions? If not, how could one go about implementing this kind of behaviour without assigning multiple identities to the function app itself? Thanks.

1 Answer

2
votes

No, the managed identity is assigned at the Function App level.

If you need such granularity, you'd better separate your functions into different Azure Function Apps.
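
The split suggested in the answer above, sketched with the Azure CLI as an added example that is not part of the original answer: each Function App gets its own user-assigned identity and exactly one role assignment. All resource names and the subscription ID are constructed placeholders, the two role choices are assumptions about what each task needs, and both Function Apps are assumed to exist already.

```shell
#!/bin/sh
# Added example: one Function App per task, each with its own user-assigned
# identity and a single role assignment. Every name below is a constructed
# placeholder; the two Function Apps are assumed to exist already.
SUB="00000000-0000-0000-0000-000000000000"
RG="rg-internal-tasks"
BASE="/subscriptions/$SUB/resourceGroups/$RG/providers"

# Print az commands by default; set DRY_RUN=0 to execute them.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "az $*"; else az "$@"; fi
}

# isolate <function-app> <identity-name> <role> <scope>
isolate() {
  app=$1; ident=$2; role=$3; scope=$4
  run identity create -g "$RG" -n "$ident" || return 1
  if [ "${DRY_RUN:-1}" = "1" ]; then
    pid="<principalId-of-$ident>"   # placeholder shown in the dry-run output
  else
    pid=$(az identity show -g "$RG" -n "$ident" --query principalId -o tsv) || return 1
  fi
  # Attach only this identity to only this app.
  run functionapp identity assign -g "$RG" -n "$app" \
    --identities "$BASE/Microsoft.ManagedIdentity/userAssignedIdentities/$ident" || return 1
  # Grant the one role the task needs, at the narrowest scope that works.
  run role assignment create --assignee-object-id "$pid" \
    --assignee-principal-type ServicePrincipal --role "$role" --scope "$scope"
}

plan() {
  # Function 1: moves a file inside a file share (role choice is an assumption).
  isolate func-move-file id-move-file "Storage File Data Privileged Contributor" \
    "$BASE/Microsoft.Storage/storageAccounts/stinternalfiles" || return 1
  # Function 2: regenerates a secret (assumes the vault uses Azure RBAC).
  isolate func-rotate-secret id-rotate-secret "Key Vault Secrets Officer" \
    "$BASE/Microsoft.KeyVault/vaults/kv-internal-tasks"
}

plan
```

The dry-run output drops shell quoting, so role names containing spaces need re-quoting if a printed line is pasted back into a terminal.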