onefuzz/docs/managed-identities.md
Stas dc354cffe3
port arm template to bicep (#1724)
* port template to bicep

* Update src/deployment/azuredeploy.bicep

Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>

* port template to bicep

* adding type annotation

* apply changes from #1679

Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>
2022-03-31 08:18:44 -07:00


Managed Identities in OneFuzz

OneFuzz uses Managed Identities in both the API service and the managed VMs.

There are currently two uses of Managed Identities within OneFuzz:

  1. The API service manages the full lifecycle of VMs, VM Scalesets, and Networks in use in OneFuzz. To enable this, the service must have the appropriate role assignments to manage these resources. At the moment, the role assignments granted to the OneFuzz API are:

    1. Virtual Machine Contributor
    2. Network Contributor
    3. Log Analytics Contributor

    See azuredeploy.json or azuredeploy.bicep for the specific implementation of these role assignments.

  2. VMs created by OneFuzz are created using Managed Identities with no roles assigned, so that the OneFuzz agent running in the VMs can authenticate to the service itself.
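
A drift check for the two uses described above, as an added example that is not part of the OneFuzz code base: it compares role assignments against the three documented API roles and flags any role held by a VM identity. The input shape is assumed to be the `principalId`, `roleDefinitionName` and `scope` fields of `az role assignment list -o json` output; the principal IDs and scope below are constructed placeholders.

```python
# Roles this page documents for the OneFuzz API service identity.
API_ROLES = {
    "Virtual Machine Contributor",
    "Network Contributor",
    "Log Analytics Contributor",
}

def audit(assignments, api_principal, vm_principals):
    """Return sorted findings where assignments differ from the documented model."""
    findings = []
    api_seen = set()
    for a in assignments:
        pid, role, scope = a["principalId"], a["roleDefinitionName"], a["scope"]
        if pid == api_principal:
            api_seen.add(role)
            if role not in API_ROLES:
                findings.append(
                    f"API identity has undocumented role {role!r} at {scope}")
        elif pid in vm_principals:
            # VM identities exist only so the agent can authenticate to the
            # service; the page says they carry no roles, so any role is drift.
            findings.append(f"VM identity {pid} has role {role!r} at {scope}")
    for role in API_ROLES - api_seen:
        findings.append(f"API identity is missing documented role {role!r}")
    return sorted(findings)

# Constructed sample data (hypothetical principal IDs and scope).
SCOPE = "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-example"
SAMPLE = [
    {"principalId": "api-0000", "scope": SCOPE,
     "roleDefinitionName": "Virtual Machine Contributor"},
    {"principalId": "api-0000", "scope": SCOPE,
     "roleDefinitionName": "Network Contributor"},
    {"principalId": "api-0000", "scope": SCOPE,
     "roleDefinitionName": "Owner"},
    {"principalId": "vm-0001", "scope": SCOPE,
     "roleDefinitionName": "Reader"},
    {"principalId": "someone-else", "scope": SCOPE,
     "roleDefinitionName": "Contributor"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "api-0000", {"vm-0001", "vm-0002"}):
        print(finding)
```

Assignments held by principals outside the two sets passed in are ignored, so the check reports only on the identities OneFuzz itself creates.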