Using System-Assigned Managed Identity for Blob Storage Access in Azure Synapse Analytics

Vinit Joshi 5 Reputation points
2024-10-28T12:13:39.88+00:00

Hello guys!

I'm working on a project in Azure Synapse Analytics and want to switch from using a connection string to a system-assigned managed identity for accessing Blob Storage. I’ve enabled the managed identity and assigned the appropriate role, but I’m unsure about the exact implementation steps in my Synapse notebook.

Can anyone provide guidance or code examples for accessing Blob Storage securely using a managed identity?

Many thanks in advance.

Thanks & Regards,

Vinit Joshi

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
709 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,012 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Chandra Boorla 3,460 Reputation points Microsoft Vendor
    2024-10-28T21:43:08.7166667+00:00

    Hi @Vinit Joshi

    Greetings & Welcome to Microsoft Q&A forum! Thanks for posting your query!

    Switching to a System-Assigned Managed Identity for accessing Azure Blob Storage in Azure Synapse Analytics is a great way to enhance security. Here’s a step-by-step guide on how to configure and use the managed identity in your Synapse notebook:

    • Enable System-Assigned Managed Identity Ensure that the system-assigned managed identity is enabled for your Synapse workspace.
    • Assign Role to Managed Identity Assign the appropriate role (e.g., Storage Blob Data Contributor) to the managed identity for the Blob Storage account. Navigate to your Blob Storage account in the Azure Portal. Go to Access Control (IAM). Click on Add role assignment. Select the role (e.g., Storage Blob Data Contributor). Assign the role to the managed identity of your Synapse workspace.
    • Access Blob Storage in Synapse Notebook Use the Azure SDK for Python (azure-identity and azure-storage-blob libraries) to access Blob Storage with the managed identity. You can install these libraries if they are not already available in your Synapse environment.
    # Install the required packages
    !pip install azure-identity azure-storage-blob 
    # Import necessary libraries
    from azure.identity import ManagedIdentityCredential
    from azure.storage.blob import BlobServiceClient 
    # Create a managed identity credential object
    credential = ManagedIdentityCredential() 
    # Create a BlobServiceClient object using the managed identity credential
    blob_service_client = BlobServiceClient(account_url="https://<your-storage-account-name>.blob.core.windows.net", credential=credential) 
    # Specify the name of the container and the blob to access
    container_name = "<your-container-name>"
    blob_name = "<your-blob-name>"
    # Get the container client using the get_container_client method of the BlobServiceClient object
    container_client = blob_service_client.get_container_client(container_name) 
    # Get the blob client using the get_blob_client method of the container client object
    blob_client = container_client.get_blob_client(blob_name) 
    # Download the content of the blob using the download_blob method of the blob client object and read it using the readall method
    downloaded_blob = blob_client.download_blob().readall() 
    # Print the content of the blob
    print(downloaded_blob)
    

    By following these steps, you should be able to securely access Azure Blob Storage using a system-assigned managed identity in your Azure Synapse Analytics notebooks.

    For reference, please refer to the following documentations:

    https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-python?tabs=managed-identity%2Croles-azure-portal%2Csign-in-azure-cli&pivots=blob-storage-quickstart-scratch

    https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-download-python

    I hope this information helps. Please do let us know if you have any further queries.

    If this answers your query, do click `Accept Answer` and `Yes` for was this answer helpful. And, if you have any further query do let us know.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.