azureazure-rm-templateazure-managed-identityazure-vm-scale-set
Assigning User Assigned Identity to Azure VMSS fails
I have a VMSS resource linked to a Service Fabric cluster. I have modified the ARM templates to have user managed identity for VMSS.
"variables": {
"vmssApiVersion": "2017-03-30",
...
..
}
....
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "[variables('vmssApiVersion')]",
"name": "[concat(variables('vmssNamePrefix'),
...
...
"identity": {
"type": "UserAssigned",
"identityIds": [
"/subscriptions/xxxxxxxxxxxxxxxxxxxxxx/resourceGroups/<RG>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<usrasgid>"
]
}
.....
.....
}
]
While deploying, it throws the error
{
"status": "Failed",
"error": {
"code": "InvalidParameter",
"target": "resourceIdentity.type",
"message": "ResourceIdentity Type must be provided and set to \"SystemAssigned\"."
}
}
Why does it ask me to set managed identity to SystemAssigned? How can I set it to user managed identity?
Solution
I tested the old versions and seems only SystemAssigned is allowed in API Version 2017-03-30. But , It was successful when I used 2018-06-01. So , as a Solution you can use the below to resolve the issue:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "ansumantestvmss",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2018-06-01",
"location": "[resourceGroup().location]",
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/','ansumanmdid')]" : {}
}
},
"properties":{}
}
]
}
Output:
- How can I define compile time constants in bicep configuration language?
- Outlook calendar don't render with FullCalendar
- Azure functions decoding error for IotHub device connection state message schema
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- How to mount multiple disks in a loop using ansible
- How can I get sub value in nested json via KQL?
- Azure .NET SDK: Scale Azure SQL databases through SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to transfer "Set Variable" activity output into Json file using "Copy Data" activity or any other options?
- Verify Microsoft Access token on my ASP.NET Core Web API
- I'm trying to install the package from a private Azure DevOps repository using the pip install command, but I'm encountering an error
- Unable to define the sites for an App Registration for SahrePoint with Site.Selected
- Check if the resource exists before using data
- Not able to see azure 'LifecyclePolicyCompleted event' log
- Direct Web Push gives Error when used from Notification Hub
- Azure Remove User Consent to API
- Flutter-Azure Deviops pipelineThe discrepancy between the number of tests reported as passed or failed in the pipeline output and the test report
- App_location on deployment of a static webapp
- MSINotEnabled - Can't use KeyVault Reference in Azure Function
- Reading values from a key value based file and passing these values to azure devops template
- Deleting an Azure Loadbalancer Frontend IP configuration from python?
- How to retrieve the front door id from a Microsoft CDN (classic)
- What is HEAD operation in CosmosDB reported in Azure Monitoring
- Deploying a Python App to Azure App Service with Github Actions
- How to Query User Access Logs for Azure Front Door
- How can I add email recipients to a Graph API request programmatically?
- How to create Azure Devops Service Connection Docker Registry Type Other
- Problem with CORS policy in React front end with FastAPI on the back trying to use Microsoft Single Sign-on
- Azure Document Intelligence Custom Classification Python API
- Azure Function App unaccounted for time in Application Insights Timeline