How to assign Azure Managed Identity to Azure Storage Account?

0
votes

I am following this tutorial where it required to use an Azure Managed Identity assigned to an Azure Storage Account. https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview#about-customer-managed-keys

In the tutorial the step 1. is:

  1. An Azure Key Vault admin grants permissions to encryption keys to the managed identity that's associated with the storage account.

However I cannot find a way to see or assign a managed identity to an SA. It seems that SAs have no managed identities out of the box..

Any hints?

1
azureazure-managed-identity

1 Answers

1
votes

I don't think so that it's possible to view that in the portal but I am sure that powershell can help you. As far as i know that are two ways to check if your storage account has a Principal Id assigned. One way is to check in azure AD by typing Get-AzADServicePrincipal -DisplayName storageAccountName and another one is:

$stgName = "stgName"
$rgName =  "rgName"

$stg = Get-AzStorageAccount -StorageAccountName $stgName -ResourceGroupName $rgName
$stg.identity

if you have managed identity assigned so you can see principal id. Otherwrise:

Set-AzStorageAccount -ResourceGroupName $rgName -AccountName $stgName -AssignIdentity