Azure登陆的两种常见方式(user 和 service principal登陆)
通过Powershell 登陆Azure(Azure MoonCake为例)一般常见的有两种方式
1. 用户交互式登陆
前提条件:有一个AAD account
# set Azure Enviroment into China Mooncake.
$EnvironmentName ="AzureChinaCloud"
# Give your subcriptionID here.
Login-AzureRmAccount -EnvironmentName 'AzureChinaCloud'
Set-AzureRmContext -SubscriptionId $SubscriptionId
Read-Host "Enter Password" -AsSecureString | ConvertTo-SecureString `
-AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\Password.txt"
# The azure account here must not be a Live ID.
$username = "<your Azure account>"
$SecurePassword = Get-Content "C:\Password.txt" | ConvertTo-SecureString
$cred = new-object -typename System.Management.Automation.PSCredential `
-argumentlist $username, $SecurePassword
Login-AzureRmAccount -Credential $cred -EnvironmentName 'AzureChinaCloud'
2. AAD Service Principal登陆 前提条件:
需要在Azure AD 中去注册一个app(service principal),并拿到这个app的Appliaction和key。此处你需要为app添加相应的权限。
运行完,直接根据选定的订阅就能操作Azure 订阅资源了。
# the AAD app applicationID
# AAD app key
# the AAD directory ID = tenantID
$TenantId= "*********************"
# set Azure to Mooncake
$EnvironmentName ="AzureChinaCloud"
$spPassword = ConvertTo-SecureString $ServicePrincipalPassword -AsPlainText -Force
$AzureServicePrincipalCreds = New-Object System.Management.Automation.PSCredential ($ServicePrincipalApplicationId, $spPassword)
Add-AzureRmAccount -Credential $AzureServicePrincipalCreds -ServicePrincipal -TenantId $TenantId -Environment $EnvironmentName
Set-AzureRmContext -SubscriptionId $SubscriptionId
缺点:泄露AAD app 的applicationID 和key 会比较麻烦。