
Advanced Clusters

Step 9. Create a managed identity to access sources and targets (optional)

To use managed identity authentication when you connect to a source or target, create a user-assigned managed identity that grants access to the data.
  1. Create a managed identity named <data source>_access_identity.
  2. Assign the Azure built-in role Storage Blob Data Contributor to <data source>_access_identity, and set the scope of the access to the storage account, resource group, or resource that contains your data.
  3. Assign <data source>_access_identity to the Secure Agent machine.
  4. In the resource group that contains your data, allow the Secure Agent managed identity and the cluster service principal to access the data. Assign the built-in role Managed Identity Operator to agent_identity and cluster_principal.
     Alternatively, to limit the permissions given to the managed identities, you can create a custom role rather than using Managed Identity Operator. Assign the following permissions to the custom role:
       "Microsoft.ManagedIdentity/userAssignedIdentities/*/read"
       "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action"
       "Microsoft.Authorization/*/read"
       "Microsoft.Resources/subscriptions/resourceGroups/read"
In the connection properties, ensure that you set Client ID to the client ID of <data source>_access_identity.
For more information, see Connections.
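As an added example that is not part of the Informatica documentation, the following Azure CLI script carries out steps 1 to 4 above and then prints the client ID to enter in the connection properties. It assumes a resource group, storage account, Secure Agent VM, data source name, agent identity name and cluster service principal object ID, all of which are placeholders supplied through environment variables, and it uses an assumed custom role name in place of Managed Identity Operator so that the grant is limited to the four permissions the page lists.

```bash
#!/usr/bin/env bash
# Added example, not from the Informatica documentation: Azure CLI steps for
# creating <data source>_access_identity and the role assignments in Step 9.
# Every name below is a placeholder/assumption: RG, STORAGE_ACCOUNT, AGENT_VM,
# DATA_SOURCE, AGENT_IDENTITY (the page's agent_identity) and CLUSTER_SP_OBJECT_ID
# (the object ID of the page's cluster_principal).
set -eu

AZ="${AZ:-az}"   # set AZ=echo to print the commands instead of running them
RG="${RG:-rg-data-placeholder}"
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-stdataplaceholder}"
AGENT_VM="${AGENT_VM:-vm-secure-agent-placeholder}"
AGENT_IDENTITY="${AGENT_IDENTITY:-agent_identity}"
CLUSTER_SP_OBJECT_ID="${CLUSTER_SP_OBJECT_ID:-00000000-0000-0000-0000-000000000000}"
DATA_SOURCE="${DATA_SOURCE:-adls}"
IDENTITY_NAME="${DATA_SOURCE}_access_identity"

# Resource ID of a user-assigned identity in RG (needed for the VM assignment in step 3).
identity_resource_id() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ManagedIdentity/userAssignedIdentities/%s' "$1" "$RG" "$2"
}

# Narrowest scope for step 2: the storage account itself rather than the whole resource group.
storage_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' "$1" "$RG" "$STORAGE_ACCOUNT"
}

# Custom role for step 4, limited to the four permissions the page lists, as a
# least-privilege alternative to the built-in Managed Identity Operator role.
# The role name is an assumption.
custom_role_json() {
  cat <<EOF
{
  "Name": "Secure Agent Identity Assigner (custom)",
  "Description": "Assign user-assigned identities without the wider Managed Identity Operator role",
  "Actions": [
    "Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
    "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
    "Microsoft.Authorization/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/$1/resourceGroups/$RG"]
}
EOF
}

main() {
  local sub principal_id agent_principal_id
  sub="$("$AZ" account show --query id -o tsv)"

  # Step 1: create <data source>_access_identity.
  "$AZ" identity create --name "$IDENTITY_NAME" --resource-group "$RG"
  principal_id="$("$AZ" identity show --name "$IDENTITY_NAME" --resource-group "$RG" --query principalId -o tsv)"

  # Step 2: Storage Blob Data Contributor, scoped to the storage account that holds the data.
  # A new identity can take a short while to replicate; rerun if "principal not found" appears.
  "$AZ" role assignment create --role "Storage Blob Data Contributor" \
    --assignee-object-id "$principal_id" --assignee-principal-type ServicePrincipal \
    --scope "$(storage_scope "$sub")"

  # Step 3: attach the identity to the Secure Agent VM.
  "$AZ" vm identity assign --resource-group "$RG" --name "$AGENT_VM" \
    --identities "$(identity_resource_id "$sub" "$IDENTITY_NAME")"

  # Step 4: let agent_identity and cluster_principal assign the identity, using the
  # custom role instead of "Managed Identity Operator" to keep the grant minimal.
  "$AZ" role definition create --role-definition "$(custom_role_json "$sub")"
  agent_principal_id="$("$AZ" identity show --name "$AGENT_IDENTITY" --resource-group "$RG" --query principalId -o tsv)"
  for oid in "$agent_principal_id" "$CLUSTER_SP_OBJECT_ID"; do
    "$AZ" role assignment create --role "Secure Agent Identity Assigner (custom)" \
      --assignee-object-id "$oid" --assignee-principal-type ServicePrincipal \
      --scope "/subscriptions/$sub/resourceGroups/$RG"
  done

  # Value to enter as Client ID in the connection properties.
  "$AZ" identity show --name "$IDENTITY_NAME" --resource-group "$RG" --query clientId -o tsv
}

# Run only when invoked as: ./step9.sh --apply   (AZ=echo ./step9.sh --apply for a dry run)
if [ "${1:-}" = "--apply" ]; then
  main
fi
```

The scope in step 2 is deliberately the storage account, the narrowest of the three options the page allows; widen it to the resource group only if the identity genuinely needs several accounts. Running with AZ=echo prints every command first, which is a useful review step before the role assignments are made for real.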
