Skip to content

configure-managed-identity-apim-reader.md

Latest commit

 

History

History
79 lines (61 loc) · 2.82 KB

configure-managed-identity-apim-reader.md

File metadata and controls

79 lines (61 loc) · 2.82 KB
title Include file
description Include file
services api-center
ms.service azure-api-center
ms.topic include
ms.date 10/18/2024
ms.custom Include file

To allow import of APIs, assign your API center's managed identity the API Management Service Reader role in your API Management instance. You can use the portal or the Azure CLI.

Portal

  1. In the portal, navigate to your API Management instance.
  2. In the left menu, select Access control (IAM).
  3. Select + Add role assignment.
  4. On the Add role assignment page, set the values as follows:
    1. On the Role tab, select API Management Service Reader.
    2. On the Members tab, in Assign access to - Select Managed identity > + Select members.
    3. On the Select managed identities page, select the system-assigned managed identity of your API center that you added in the previous section. Click Select.
    4. Select Review + assign.

Azure CLI

  1. Get the principal ID of the identity. For a system-assigned identity, use the az apic show command.

    #! /bin/bash
apicObjID=$(az apic show --name <api-center-name> \
    --resource-group <resource-group-name> \
    --query "identity.principalId" --output tsv)

    # Formatted for PowerShell
$apicObjID=$(az apic show --name <api-center-name> `
    --resource-group <resource-group-name> `
    --query "identity.principalId" --output tsv)

  2. Get the resource ID of your API Management instance using the az apim show command.

    #! /bin/bash
apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)

    # Formatted for PowerShell
$apimID=$(az apim show --name <apim-name> --resource-group <resource-group-name> --query "id" --output tsv)

  3. Assign the managed identity the API Management Service Reader role in your API Management instance using the az role assignment create command.

    #! /bin/bash
scope="${apimID:1}"

az role assignment create \
    --role "API Management Service Reader Role" \
    --assignee-object-id $apicObjID \
    --assignee-principal-type ServicePrincipal \
    --scope $scope 

    # Formatted for PowerShell
$scope=$apimID.substring(1)

az role assignment create `
    --role "API Management Service Reader Role" `
    --assignee-object-id $apicObjID `
    --assignee-principal-type ServicePrincipal `
    --scope $scope