2

Basically I'm trying to implement with Azure the following AWS pattern:

  • Assign an IAM role to a VM (AWS instance equivalent)
  • Allow this role to access a certain container (AWS bucket equivalent) as read only and download from there

How is this possible with Azure?

AjayKumar
alonisser
  • I need to add Active Directory Domain Services role to a domain controller (VM). I can't find the role in IAM. – Mukus Jul 24 '20 at 01:58

3 Answers

2

You can do this in Preview with "Managed Service Identity" (MSI).

Linux doc here: https://learn.microsoft.com/en-us/azure/active-directory/msi-tutorial-linux-vm-access-storage

Windows doc here: https://learn.microsoft.com/en-us/azure/active-directory/msi-tutorial-windows-vm-access-storage

Neil Sant Gat
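The managed-identity flow this answer points to, seen from the VM side, as an added example that is not part of the original answer or of Microsoft's tutorial code. It assumes the VM's identity has been granted the built-in Storage Blob Data Reader role on the container; the account, container and blob names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"

def build_token_request(client_id=None):
    """Request to the instance metadata service (IMDS) for a storage-scoped token."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if client_id:  # only needed to select a user-assigned identity
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS requires this header; it is there as a mitigation against SSRF.
    return urllib.request.Request(url, headers={"Metadata": "true"})

def parse_token_response(body):
    """Extract the bearer token; fail closed on anything unexpected."""
    doc = json.loads(body)
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("IMDS did not return a bearer token")
    if doc.get("resource", "").rstrip("/") != STORAGE_RESOURCE.rstrip("/"):
        raise ValueError("token was issued for a different resource")
    return doc["access_token"]

def build_blob_get(account, container, blob, token):
    """Authenticated GET for one blob; no account key or SAS is involved."""
    path = urllib.parse.quote(f"/{container}/{blob}")
    url = f"https://{account}.blob.core.windows.net{path}"
    headers = {"Authorization": f"Bearer {token}", "x-ms-version": "2019-12-12"}
    return urllib.request.Request(url, headers=headers)

def download_blob(account, container, blob, dest):
    """Runs only on an Azure VM whose identity holds a read role on the container."""
    with urllib.request.urlopen(build_token_request(), timeout=5) as resp:
        token = parse_token_response(resp.read())
    with urllib.request.urlopen(build_blob_get(account, container, blob, token)) as resp:
        with open(dest, "wb") as fh:
            fh.write(resp.read())

# Constructed sample of an IMDS reply, so the parsing can be exercised offline.
SAMPLE_IMDS_REPLY = json.dumps({
    "access_token": "eyJ0eXAi.constructed.sample", "expires_in": "3599",
    "resource": "https://storage.azure.com/", "token_type": "Bearer"})

if __name__ == "__main__":
    # Hypothetical account, container and blob names.
    download_blob("examplestore", "releases", "app/build.tar.gz", "build.tar.gz")
```

Because the role is read-only and scoped to one container, a write or a read against another container with the same token is refused by the storage service, which is the same boundary the AWS instance-role pattern gives.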
1

The Azure equivalent of IAM in AWS is Role-Based Access Control.

You can use Role-Based Access Control to manage access to your Azure subscription resources.

Also, if you wish to create custom roles, you can refer to this: Creating custom roles for Azure Role-Based Access Control.

For custom user roles, you can refer to this: Assign custom roles for internal and external users.

Jinesh Shah
  • Thanks, but those resources don't seem to support assigning a role to a VM, which is the actual question. Any clues about that? – alonisser Sep 23 '17 at 20:09
0

Allow this role to access a certain container (AWS bucket equivalent) as read only and download from there.

For now, Azure does not support AD-based authentication or ACLs.

As a workaround, we can use shared access signatures (SAS).

A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key.

For more information about Azure SAS, please refer to this link.

Jason Ye