Use Azure Stream Analytics Managed Identity to access SQL DB using terraform
There is an option to create Managed Identity from terraform for Stream analytics job (azurerm_stream_analytics_job, using identity block).
And it is possible to use Managed Identity to connect to databases (as explained here)
But I could not find how to use managed identity to create input using azurerm_stream_analytics_reference_input_mssql
UPDATE:
To be clear, thats what I am after:
And then
Solution
As Per July 2022
It does not look like terraform is supporting it (see documentation).
With this arm template, I was able to deploy ("authenticationMode": "Msi"):
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"streamAnalyticsJobName": {
"type": "string"
},
"streamAnalyticsJobNameInputName": {
"type": "string"
},
"sqlServerName": {
"type": "string"
},
"databaseName": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.StreamAnalytics/streamingjobs/inputs",
"apiVersion": "2017-04-01-preview",
"name": "[format('{0}/{1}', parameters('streamAnalyticsJobName'), parameters('streamAnalyticsJobNameInputName'))]",
"properties": {
"type": "Reference",
"datasource": {
"type": "Microsoft.Sql/Server/Database",
"properties": {
"authenticationMode": "Msi",
"server": "[parameters('sqlServerName')]",
"database": "[parameters('databaseName')]",
"refreshType": "Static",
"fullSnapshotQuery": "SELECT Id, Name, FullName\nFrom dbo.Device\nFOR SYSTEM_TIME AS OF @snapshotTime --Optional, available if table Device is temporal"
}
}
}
}
]
}
So you could always use azurerm_template_deployment resource to deploy using terraform.
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs