Skip to content

Commit d485714

Browse files
Merge pull request #267249 from Blackmist/208845-identity
idle shutdown with managed identity
2 parents 78f03a0 + 8038fa2 commit d485714

File tree

2 files changed

+10
-0
lines changed

2 files changed

+10
-0
lines changed

articles/machine-learning/how-to-create-compute-instance.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,9 @@ A compute instance won't be considered idle if any custom application is running
150150

151151
Also, if a compute instance has already been idle for a certain amount of time, if idle shutdown settings are updated to an amount of time shorter than the current idle duration, the idle time clock is reset to 0. For example, if the compute instance has already been idle for 20 minutes, and the shutdown settings are updated to 15 minutes, the idle time clock is reset to 0.
152152

153+
> [!IMPORTANT]
154+
> If the compute instance is also configured with a [managed identity](#assign-managed-identity), the compute instance won't shut down due to inactivity unless the managed identity has *contributor* access to the Azure Machine Learning workspace. For more information on assigning permissions, see [Manage access to Azure Machine Learning workspaces](how-to-assign-roles.md).
155+
153156
The setting can be configured during compute instance creation or for existing compute instances via the following interfaces:
154157

155158
# [Python SDK](#tab/python)
@@ -439,6 +442,9 @@ As an administrator, you can create a compute instance on behalf of a data scien
439442

440443
You can assign a system- or user-assigned [managed identity](../active-directory/managed-identities-azure-resources/overview.md) to a compute instance, to authenticate against other Azure resources such as storage. Using managed identities for authentication helps improve workspace security and management. For example, you can allow users to access training data only when logged in to a compute instance. Or use a common user-assigned managed identity to permit access to a specific storage account.
441444

445+
> [!IMPORTANT]
446+
> If the compute instance is also configured for [idle shutdown](#configure-idle-shutdown), the compute instance won't shut down due to inactivity unless the managed identity has *contributor* access to the Azure Machine Learning workspace. For more information on assigning permissions, see [Manage access to Azure Machine Learning workspaces](how-to-assign-roles.md).
447+
442448
# [Python SDK](#tab/python)
443449

444450
Use SDK V2 to create a compute instance with assign system-assigned managed identity:

articles/machine-learning/how-to-identity-based-service-authentication.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -291,6 +291,10 @@ Certain machine learning scenarios involve working with private data. In such ca
291291
To enable authentication with compute managed identity:
292292

293293
* Create compute with managed identity enabled. See the [compute cluster](#compute-cluster) section, or for compute instance, the [Assign managed identity](how-to-create-compute-instance.md#assign-managed-identity) section.
294+
295+
> [!IMPORTANT]
296+
> If the compute instance is also configured for [idle shutdown](how-to-create-compute-instance.md#configure-idle-shutdown), the compute instance won't shut down due to inactivity unless the managed identity has *contributor* access to the Azure Machine Learning workspace. For more information on assigning permissions, see [Manage access to Azure Machine Learning workspaces](how-to-assign-roles.md).
297+
294298
* Grant compute managed identity at least Storage Blob Data Reader role on the storage account.
295299
* Create any datastores with identity-based authentication enabled. See [Create datastores](how-to-datastore.md).
296300

0 commit comments

Comments
 (0)