Create, list and delete a user-assigned managed identity using Azure Resource Manager

Managed identities for Azure resources provide Azure services with a managed identity in Azure Active Directory. You can use this identity to authenticate to services that support Azure AD authentication, without needing credentials in your code.

In this article, you create a user-assigned managed identity using Azure Resource Manager.

It is not possible to list and delete a user-assigned managed identity using an Azure Resource Manager template. See the following articles to create and list a user-assigned managed identity:

Template creation and editing

As with the Azure portal and scripting, Azure Resource Manager templates provide the ability to deploy new or modified resources defined by an Azure resource group. Several options are available for template editing and deployment, both local and portal-based, including:

Create a user-assigned managed identity

To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

To create a user-assigned managed identity, use the following template. Replace the <USER ASSIGNED IDENTITY NAME> value with your own value:

Important

When creating user-assigned identities, only alphanumeric characters (0-9, a-z, A-Z), the underscore (_) and the hyphen (-) are supported. Additionally, the name should be at least 3 characters and up to 128 characters in length for the assignment to VM/VMSS to work properly. Check back for updates. For more information, see FAQs and known issues.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "resourceName": {
      "type": "string",
      "metadata": {
        "description": "<USER ASSIGNED IDENTITY NAME>"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "[parameters('resourceName')]",
      "apiVersion": "2018-11-30",
      "location": "[resourceGroup().location]"
    }
  ],
  "outputs": {
    "identityName": {
      "type": "string",
      "value": "[parameters('resourceName')]"
    }
  }
}
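
An added example (not part of the original article or of Microsoft's tooling): a pre-deployment check in Python that resolves the template's name expression against the supplied parameter values and enforces the naming rule from the Important note, so a bad name is caught before deployment. The function names, the trimmed sample template and the candidate names are assumptions made for illustration.

```python
import re

# Naming rule from the Important note: 0-9, a-z, A-Z, "_" and "-", 3 to 128 characters.
NAME_RULE = re.compile(r"[A-Za-z0-9_-]{3,128}")
IDENTITY_TYPE = "Microsoft.ManagedIdentity/userAssignedIdentities"
PARAM_REF = re.compile(r"\[parameters\('([^']+)'\)\]")

# Constructed sample: the article's template, trimmed to the fields this check reads.
SAMPLE_TEMPLATE = {
    "parameters": {"resourceName": {"type": "string"}},
    "resources": [{"type": IDENTITY_TYPE, "name": "[parameters('resourceName')]",
                   "apiVersion": "2018-11-30", "location": "[resourceGroup().location]"}],
}

def resolve_name(expr, template, params):
    """Resolve a literal name or a [parameters('x')] reference; None if unresolved."""
    match = PARAM_REF.fullmatch(expr)
    if not match:
        # Any other bracketed template expression is outside what this check evaluates.
        return None if expr.startswith("[") else expr
    key = match.group(1)
    if key in params:
        return params[key]
    return template.get("parameters", {}).get(key, {}).get("defaultValue")

def check_identity_names(template, params):
    """Return a list of problems, one per user-assigned identity that fails the rule."""
    problems = []
    identities = [r for r in template.get("resources", [])
                  if r.get("type", "").lower() == IDENTITY_TYPE.lower()]
    if not identities:
        problems.append("template declares no " + IDENTITY_TYPE + " resource")
    for res in identities:
        name = resolve_name(res.get("name", ""), template, params)
        if name is None:
            problems.append(f"cannot resolve name expression {res.get('name')!r}")
        elif not isinstance(name, str) or not NAME_RULE.fullmatch(name):
            problems.append(f"invalid identity name {name!r}: use 0-9, a-z, A-Z, "
                            "'_' or '-', 3 to 128 characters")
    return problems

if __name__ == "__main__":
    # Constructed candidate names: one valid, one too short, one with unsupported characters.
    for candidate in ("app-backend_id01", "id", "bad name!"):
        result = check_identity_names(SAMPLE_TEMPLATE, {"resourceName": candidate})
        print(candidate, "->", result or "ok")
```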

Next steps

For information on how to assign a user-assigned managed identity to an Azure VM using an Azure Resource Manager template, see Configure managed identities for Azure resources on an Azure VM using a template.