A common challenge for developers is the management of secrets and credentials used to secure communication between different components making up a solution. Managed Identity eliminate the need for developers to manage credentials.
To access Azure Container Registry (ACR) for Docker image, and Storage Account for trainig data, attach AMLArc compute with system-assigned or user-assigned managed identity enabled.
- You can assign Managed Identity to the compute in compute attach
- If the compute has been attached, you can update the settings of Managed Identity in Machine Learning Studio.
- Go to Azure Machine Learning Studio - Compute - Attached compute, select your attached compute.
- Edit Managed Identity.
Azure offers a couple of ways to assign roles to Managed Identity.
If use Portal to assign roles, and you have system-assigned managed identity, select User,group,or service principal. Click Select members, find and search the identity name formatted as
\<workspace name>/computes/\<compute target name>If you have user-assigned managed identity, select Managed identity to find the target identity.
"AcrPull" role shoule be granted to the compute Managed Identity.
- For read-only purpose,
Storage Blob Data Readerrole should be granted to the compute Managed Identity. - For read-write purpose,
Storage Blob Data Contributorrole should be granted to the compute Managed Identity.