Referencing the Juju AWS IAM support, can you confirm the workflow you would prefer to use?
Note: we would be reusing the term "instance-role" to refer to the managed identity name, since this is the name of the constraint attribute already chosen and constraint attributes are used across providers.
For AWS we support 2 workflows. So we could do the same for Azure...
1. Have Juju create a suitable managed identity similar to what we do AWS:
Referencing the Juju AWS IAM support, can you confirm the workflow you would prefer to use?
Note: we would be reusing the term "instance-role" to refer to the managed identity name, since this is the name of the constraint attribute already chosen and constraint attributes are used across providers.
For AWS we support 2 workflows. So we could do the same for Azure...
1. Have Juju create a suitable managed identity similar to what we do AWS:
$ juju bootstrap --bootstrap- constraints= "instance- role=auto" azure
2. Create a user assigned managed identity "foo" in resource group "myrg", assign permissions, then
$ juju bootstrap -bootstrap- constraints= "instance- role=foo" --config resource- group-name= myrg azure
I guess you'd want to be able to use either workflow?