Azure App Configuration supports following methods to read and manage your configuration for deployment:
16
+
16
17
-[ARM template](./quickstart-resource-manager.md)
17
18
-[Bicep](./quickstart-bicep.md)
18
19
- Terraform
19
20
20
21
## Manage Azure App Configuration resources in deployment
21
-
### Authorization
22
+
23
+
### Azure Resource Manager Authorization
24
+
22
25
You must have permissions to manage Azure App Configuration resources. Azure role-based access control (Azure RBAC) roles that provide these permissions include the Microsoft.AppConfiguration/configurationStores/write or Microsoft.AppConfiguration/configurationStores/* action. Built-in roles with this action include:
26
+
23
27
- The Azure Resource Manager Owner role
24
28
- The Azure Resource Manager Contributor role
25
29
26
30
To learn more about Azure RBAC and Microsoft Entra ID, see [Authorize access to Azure App Configuration using Microsoft Entra ID](./concetp-enable-rbac.md).
27
31
28
32
## Manage Azure App Configuration data in deployment
33
+
29
34
Azure App Configuration data, such as key-values and snapshots, can be managed in deployment. It is recommended to configure **Pass-through** ARM authentication mode to require proper Azure App Configuration data plane authorization.
30
35
31
36
### ARM authentication mode
37
+
32
38
# [Azure portal](#tab/portal)
33
39
34
40
To configure ARM authentication mode of Azure App Configuration resource in the Azure portal, follow these steps:
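Review bot: renaming `### Authorization` to `### Azure Resource Manager Authorization` in this hunk changes the anchor generated for that heading, so any inbound link that targets the old `#authorization` fragment will stop resolving. Please search the docs for links to that fragment and update them in the same change. Separately, the unchanged link target `./concetp-enable-rbac.md` looks misspelled (`concetp`), and it appears again in the next hunk, so confirm that a file exists under that name. The permissions sentence also reads as if roles "include" an action; something like "roles that grant the `Microsoft.AppConfiguration/configurationStores/write` or `Microsoft.AppConfiguration/configurationStores/*` action" would be clearer.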
@@ -47,14 +53,17 @@ To configure ARM authentication mode of Azure App Configuration resource in the
47
53
> [!NOTE]
48
54
> Local authentication mode is for backward compatibility and has several limitations. It does not support proper auditing for accessing data in deployment. Under local authentication mode, key-value data access inside an ARM template/Bicep/Terraform is disabled if [access key authentication is disabled](./howto-disable-access-key-authentication.md#limitations). Azure App Configuration data plane permissions are not required for accessing data under local authentication mode.
49
55
50
-
### Authorization
56
+
### Azure App Configuration Authorization
57
+
51
58
In addition to the permissions required for managing Azure App Configuration resource, you must have data plane permissions to read and manage Azure App Configuration data in deployment under pass-through mode. Azure App Configuration data plane permissions include Microsoft.AppConfiguration/configurationStores/keyValues/read and Microsoft.AppConfiguration/configurationStores/snapshots/read. Built-in roles with this action include:
59
+
52
60
- App Configuration Data Owner
53
61
- App Configuration Data Reader
54
62
55
63
To learn more about Azure RBAC and Microsoft Entra ID, see [Authorize access to Azure App Configuration using Microsoft Entra ID](./concetp-enable-rbac.md).
56
64
57
65
### ARM private access
66
+
58
67
[Azure Resource Management Private Link](../../includes/resource-manager-create-rmpl.md) can be set up to restrict access for managing resources in your virtual network. Azure App Configuration supports ARM Private Link access to the App Configuration data under pass-through authentication mode and ARM private access enabled.
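Review bot: the paragraph under the new `### Azure App Configuration Authorization` heading says data plane permissions are needed to "read and manage" data, but it names only the two read actions (`.../keyValues/read` and `.../snapshots/read`) and then says "Built-in roles with this action include" in the singular. As written, a reader cannot tell whether App Configuration Data Reader is sufficient for a deployment that writes key-values or snapshots. Suggest stating which actions and which role apply to read-only deployments and which apply to deployments that write data, so the least-privileged role can be assigned to the deployment identity. In the ARM private access paragraph, "under pass-through authentication mode and ARM private access enabled" would read better as "when pass-through authentication mode and ARM private access are both enabled".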