mirror of
https://github.com/microsoft/onefuzz.git
synced 2025-06-09 08:41:34 +00:00
* port template to bicep
* Update src/deployment/azuredeploy.bicep

  Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>
* port template to bicep
* adding type annotation
* apply changes from #1679

Co-authored-by: stas <statis@microsoft.com>
Co-authored-by: Teo Voinea <58236992+tevoinea@users.noreply.github.com>
29 lines
1.4 KiB
Markdown
# Managed Identities in OneFuzz

OneFuzz makes use of
[Managed identities](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview)
both in the API service and in the managed VMs.

There are currently two uses of Managed Identities within OneFuzz:

1. The API service manages the full lifecycle of VMs, VM Scalesets, and Networks
   in use in OneFuzz. To enable this, the service must hold appropriate role
   assignments to manage these resources. At the moment, the role assignments
   granted to the OneFuzz API are:

   1. [Virtual Machine Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#virtual-machine-contributor)
   1. [Network Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#network-contributor)
   1. [Log Analytics Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#log-analytics-contributor)

   See [azuredeploy.json](../src/deployment/azuredeploy.json) for the specific
   implementation of these role assignments.

   or

   See [azuredeploy.bicep](../src/deployment/azuredeploy.bicep) for the specific
   implementation of these role assignments.

1. VMs created by OneFuzz are created using Managed Identities with no roles
   assigned, so that the OneFuzz agent running in the VMs can authenticate to
   the service itself without holding any permissions on Azure resources.
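The following is an added illustration of how the three role assignments listed above can be expressed in Bicep; it is not OneFuzz's own `azuredeploy.bicep`. The function app name is a placeholder, the role-definition GUIDs are the well-known built-in role IDs (confirm them against the linked built-in roles reference before deploying), and the assignment scope is the deployment resource group so the identity holds nothing beyond that scope.

```bicep
// Added example (not OneFuzz's own template): grant the API service's
// system-assigned identity the three built-in roles the doc lists,
// scoped to the resource group the service manages.
param functionAppName string = 'onefuzz-api-placeholder' // placeholder name

// The already-deployed API Function App; its system-assigned identity is the
// principal that receives the roles.
resource api 'Microsoft.Web/sites@2021-02-01' existing = {
  name: functionAppName
}

// Well-known built-in role definition IDs (verify against the built-in roles page).
var roles = {
  VirtualMachineContributor: '9980e02c-c2be-4d73-94e8-173b1dc7cf3c'
  NetworkContributor: '4d97b98b-1d4f-4787-a291-c67834d212e7'
  LogAnalyticsContributor: '92aaf0da-9dab-42b6-94a3-d43ce8d16293'
}

// One assignment per role. guid() over (scope, principal, role) gives a
// deterministic name, so redeploying the template is idempotent instead of
// creating duplicate assignments.
resource apiRoles 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for role in items(roles): {
  name: guid(resourceGroup().id, api.id, role.value)
  scope: resourceGroup()
  properties: {
    principalId: api.identity.principalId
    // Declaring the principal type avoids the directory replication race that
    // otherwise fails the first deployment of a freshly created identity.
    principalType: 'ServicePrincipal'
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', role.value)
  }
}]
```

For the second use described above, the VM scalesets carry only `identity: { type: 'SystemAssigned' }` and get no `roleAssignments` resource at all; the identity exists purely so the agent can obtain a token to present to the OneFuzz API.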