Managed Identity for Stream Analytics Job Authentication
Managed identities provide an Azure Active Directory identity to services, enabling secure communication with other Azure services without needing to manage credentials. With Azure Stream Analytics, a managed identity can authenticate to services that the streaming job may need to access, such as Azure Blob Storage or Azure SQL Database.
Here's how you can use a managed identity with an Azure Stream Analytics job using Pulumi. I'll walk you through creating a Stream Analytics job and assigning a managed identity for authentication.
First, we'll need the `azure-native` package, which provides idiomatic Pulumi access to Azure resources. We'll be defining a `StreamingJob` and passing in `identity` as a property, which specifies the managed identity settings for the Stream Analytics job.

Below, I've written a Pulumi program that creates a user-assigned managed identity and then creates a Stream Analytics job that uses this identity:
```python
import pulumi
import pulumi_azure_native.managedidentity as managedidentity
import pulumi_azure_native.resources as resources
import pulumi_azure_native.streamanalytics as stream_analytics

# Create a resource group
resource_group = resources.ResourceGroup("resourceGroup")

# Create a user-assigned managed identity
identity = managedidentity.UserAssignedIdentity("streamAnalyticsIdentity",
    resource_group_name=resource_group.name,
    # Location needs to be the same as the resource group and resources we want to access
    location=resource_group.location,
)

# Create a Stream Analytics job with the managed identity
streaming_job = stream_analytics.StreamingJob("streamingJob",
    resource_group_name=resource_group.name,
    identity=stream_analytics.IdentityArgs(
        type="UserAssigned",  # Specifies the type of managed identity
        # Associate the managed identity with the job. The map key must be the
        # resolved resource ID, so the dict is built inside apply().
        user_assigned_identities=identity.id.apply(lambda identity_id: {identity_id: {}}),
    ),
    # Other necessary properties here...
    location=resource_group.location,
)

# Export the principal ID of the managed identity, which can be used to set
# access policies on other resources
pulumi.export("managed_identity_principal_id", identity.principal_id)
```

Let's walk through the code:

- We import the necessary modules. This includes `streamanalytics` for Azure Stream Analytics, `managedidentity` for managed identities, and `resources` for Azure resource management.
- We create a new resource group that will contain our Stream Analytics job and managed identity.
- We create a user-assigned managed identity with `managedidentity.UserAssignedIdentity`. We bind it to the same resource group and location as the Stream Analytics job.
- We define a new Stream Analytics job using `stream_analytics.StreamingJob` and pass the managed identity in the `identity` parameter.
- We export the `principal_id` of the managed identity, which you might use to grant the identity access to other resources like Blob Storage containers or SQL databases that the Streaming Job will interact with.
Remember that this program assumes that you have already configured the Pulumi Azure provider with the appropriate credentials and subscription information.
To apply this Pulumi configuration, save this code to a file named `__main__.py` and run `pulumi up` in the same directory. Pulumi will perform the deployment and create the resources in your Azure subscription.
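Assigning an identity to the job does not by itself remove stored credentials: each input and output also has to authenticate with it. The following check is an added example, not part of the original program. It audits an ARM-style job definition for data sources that still use a connection string or key; the sample job is constructed, and the layout (`properties.inputs` / `properties.outputs`, `authenticationMode`, the listed secret fields) is assumed to follow the Stream Analytics ARM schema.

```python
import json

# Constructed ARM-style job definition (illustrative names, not a real deployment).
SAMPLE_JOB = json.loads("""
{
  "name": "streamingJob",
  "identity": {"type": "UserAssigned"},
  "properties": {
    "inputs": [{"name": "blobIn", "properties": {"datasource": {
      "type": "Microsoft.Storage/Blob",
      "properties": {"authenticationMode": "Msi",
                     "storageAccounts": [{"accountName": "examplestore"}]}}}}],
    "outputs": [{"name": "sqlOut", "properties": {"datasource": {
      "type": "Microsoft.Sql/Server/Database",
      "properties": {"authenticationMode": "ConnectionString",
                     "user": "etl", "password": "example-only"}}}}]
  }
}
""")

# Credential-bearing fields assumed for blob, SQL and Event Hub data sources.
SECRET_FIELDS = {"accountKey", "password", "sharedAccessPolicyKey"}

def find_secrets(node, path=""):
    """Yield dotted paths of non-empty credential fields anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in SECRET_FIELDS and value:
                yield here
            else:
                yield from find_secrets(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_secrets(item, f"{path}[{i}]")

def audit_job(job):
    """Return findings for a job that still depends on stored credentials."""
    findings = []
    if "Assigned" not in (job.get("identity") or {}).get("type", ""):
        findings.append("job: no managed identity assigned")
    for kind in ("inputs", "outputs"):
        for item in job.get("properties", {}).get(kind, []):
            ds = item.get("properties", {}).get("datasource", {}).get("properties", {})
            label = f"{kind}/{item.get('name')}"
            if ds.get("authenticationMode") != "Msi":
                findings.append(f"{label}: authenticationMode is {ds.get('authenticationMode')!r}, not 'Msi'")
            findings.extend(f"{label}: stored secret at {p}" for p in find_secrets(ds))
    return findings
```

Run `audit_job` over an exported template or stack definition in CI; an empty list means every data source on the job authenticates through the managed identity.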