by deathanatos
74 days ago
> Why would an Azure customer need to query this service at all? I was not aware this service even exists- because I never needed anything like it.

The "metadata service" is hardly unique to Azure (both GCP & AWS have an equivalent), and it is what you would query to get API credentials to Azure (/GCP/AWS) service APIs.

You can assign a service account² to the VM¹, and the code running there can just auto-obtain short-lived credentials, without you ever having to manage any sort of key material (i.e., there is no bearer token / secret access key / RSA key / etc. that you manage). I.e., easy, automatic access to whatever other Azure services the workload running on that VM requires.

¹and in the case of GCP, even to a Pod in GKE, and the metadata service is aware of that; for all I know AKS/EKS support this too

²I am using this term generically; each cloud provider calls service accounts something different.
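The credential flow described in the comment above, as an added example that is not part of the original comment: a workload on an Azure VM asks the instance metadata service for a short-lived token for its assigned identity and caches it until shortly before expiry. The `TokenCache` helper, the 300-second refresh margin and the sample response are assumptions made for illustration; the endpoint, `api-version` and `Metadata: true` header are those of Azure's managed-identity token API.

```python
import json
import time
import urllib.parse
import urllib.request

# Azure IMDS managed-identity token endpoint (link-local, reachable only from the VM).
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"

def build_token_request(resource):
    """IMDS rejects requests that lack the 'Metadata: true' header."""
    query = urllib.parse.urlencode({"api-version": API_VERSION, "resource": resource})
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})

def fetch_from_imds(resource, timeout=2):
    """Works only on an Azure VM that has a managed identity assigned."""
    # Empty ProxyHandler: never route the link-local request through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(build_token_request(resource), timeout=timeout) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: one token per resource, refreshed shortly before expiry."""
    def __init__(self, fetch=fetch_from_imds, clock=time.time, skew=300):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._tokens = {}

    def get(self, resource):
        cached = self._tokens.get(resource)
        if cached and cached[1] - self._skew > self._clock():
            return cached[0]
        body = self._fetch(resource)
        # IMDS returns expires_on as a string of Unix seconds.
        self._tokens[resource] = (body["access_token"], int(body["expires_on"]))
        return body["access_token"]

if __name__ == "__main__":
    # Constructed response standing in for IMDS, so this runs off-cloud.
    def fake(resource):
        return {"access_token": "constructed-token", "expires_on": str(int(time.time()) + 3600)}
    cache = TokenCache(fetch=fake)
    print(cache.get("https://management.azure.com/"))
```

No secret is stored anywhere in the workload: the only long-lived configuration is the identity assignment on the VM itself.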