AZ-400 · Question #585
You have an Azure subscription that contains 20 virtual machines. You plan to deploy an Azure infrastructure by using Bicep files. The files will be deployed by using self-hosted GitHub runners on the
The correct answer is D. user-assigned managed identities. To authenticate a self-hosted GitHub Actions runner with Azure, you'll typically use either a managed identity or a service principal with OpenID Connect (OIDC). Managed identities are generally preferred for simplicity and security, especially with Azure Virtual Machines. Altern
Question
Options
- Aservice principals
- Bsystem-assigned managed identities
- Cpersonal access tokens (PATs)
- Duser-assigned managed identities
How the community answered
(28 responses)- A11% (3)
- B4% (1)
- C4% (1)
- D82% (23)
Explanation
To authenticate a self-hosted GitHub Actions runner with Azure, you'll typically use either a managed identity or a service principal with OpenID Connect (OIDC). Managed identities are generally preferred for simplicity and security, especially with Azure Virtual Machines. Alternatively, you can use a service principal and configure it with a federated identity credential, which can be helpful in more complex scenarios. System-assigned managed identities are tied to a specific Azure resource and are deleted when the resource is deleted, while user-assigned managed identities are separate Azure resources that can be assigned to multiple resources. In this scenario we need only a single user-assigned managed identity. https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-manage- user-assigned-managed-identities https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure-identity
Topics
Community Discussion
No community discussion yet for this question.