
Azure Instance metadata service


My understanding of the internal working of Azure system managed identities using Azure Instance Metadata Service is that every VM has its own unique service principal created with Azure AD and a unique public-private key pair associated with it.

The private key is maintained on the VM and is used to sign the access token that can be fetched using /identity API endpoint on the Azure instance metadata service.

Is the unique identity of this VM instance tied to this private key only, or is there more to it? If a bad actor is able to copy the private key across to a different VM, can the bad actor impersonate a given VM? Or is there more that goes into generation of this access token than just the private key?


Solution

  • I just make a summary here: @Thomas provided a detailed and professional explanation. Based on How MSI works and how to get access token via managed identity on Azure VM, as you can see, the whole process to get access tokens is a GET function; no private keys or secrets are provided, so there is no worry that someone steals them and uses them on other VMs. As @Thomas said:

    Only your VM can request a token to the IMDS

    If your issue has been solved, please mark this post to close this case, thanks!
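The token request the answer describes, as an added example that is not part of the original question or answers and is not @Thomas's code: it builds the GET against the IMDS identity endpoint and parses the token document. The link-local endpoint, the `api-version` query parameter and the `Metadata: true` header are the documented IMDS values; the sample response body is constructed for the example and the token string and client id in it are fake. The point to take from it is what the request does not contain: no secret, certificate or private key is ever sent, so there is nothing on disk for an attacker to copy, and only code running inside the VM can reach the endpoint.

```python
"""Added example: requesting a managed-identity token from Azure IMDS.

The endpoint, api-version and Metadata header are the documented IMDS values.
SAMPLE_RESPONSE below is constructed for this example, not real IMDS output.
"""
import json
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"


def build_imds_token_request(resource: str, api_version: str = IMDS_API_VERSION):
    """Return (url, headers) for the token GET.

    Note what is absent: no client secret, certificate or private key is sent.
    The caller is trusted only because the request originates from inside the
    VM, which is why IMDS lives on a link-local address that is not routable.
    """
    query = urllib.parse.urlencode({"api-version": api_version, "resource": resource})
    headers = {"Metadata": "true"}  # required; IMDS rejects requests without it
    return f"{IMDS_TOKEN_URL}?{query}", headers


def parse_token_response(body: str, now: int) -> dict:
    """Parse the JSON token document and compute the remaining lifetime in seconds."""
    doc = json.loads(body)
    expires_on = int(doc["expires_on"])  # IMDS returns Unix seconds as a string
    return {
        "token_type": doc["token_type"],
        "resource": doc["resource"],
        "client_id": doc.get("client_id"),
        "seconds_remaining": expires_on - now,
        "access_token": doc["access_token"],
    }


def fetch_managed_identity_token(resource: str, now: int, timeout: float = 5.0) -> dict:
    """Perform the real GET against IMDS. Only succeeds when run on an Azure VM."""
    url, headers = build_imds_token_request(resource)
    req = urllib.request.Request(url, headers=headers, method="GET")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_token_response(resp.read().decode("utf-8"), now)


# Constructed sample response shaped like the IMDS token document (all values fake).
SAMPLE_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.CONSTRUCTED.SAMPLE",
    "expires_on": "1700003600",
    "expires_in": "3600",
    "resource": "https://management.azure.com/",
    "token_type": "Bearer",
    "client_id": "00000000-0000-0000-0000-000000000000",
})

if __name__ == "__main__":
    url, headers = build_imds_token_request("https://management.azure.com/")
    print(url, headers)
    print(parse_token_response(SAMPLE_RESPONSE, now=1700000000))
```

Running the script off-VM only exercises the request builder and the parser against the constructed sample; `fetch_managed_identity_token` will time out anywhere that is not an Azure VM, which is itself the property the answer relies on.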