Access to Azure blobs from Azure Function by using Managed Identity
How to grant access to the blob files available on the Azure Storage Account without providing a SAS token nor Access Key? In some cases, it might be helpful, especially when access to the Azure Storage Account is available via Managed Instance. In that case, we don't want to use any secrets provided explicitly. In fact, we still want to use the SAS token behind the scene, but generated on-the-fly, with a very short lifetime. Each SAS token requires to be built based on the Access Key. We may want to use one of 2 access keys provided by the Storage Accounts, but it's not a good option as we don't want to deal with them. Azure lets us generate a temporary access key, based on our credentials, and then use it to generate a SAS token. In that case, we need to: Create a Storage Account Create Azure Function App Assign the Storage Blob Delegator (or Storage Blob Data Owner ) role to the Manage Identity of the Function App. The action needs to be performed ...