
We have a lot of user managed identities created in our resource group, and only a few of them have been assigned to machine learning compute.

I'm working on a task to identify the list of unused managed identities via Azure CLI.

I am able to list all the user managed identities under the RG, but I am not able to filter out the unused ones (e.g. the resources attached to the managed identity = 0). If anybody has the CLI command, please share.

Thanks

2 Answers


  1. To identify unused managed identities, you can use the following script:

    # List the resource IDs of the managed identities
    $identities = az identity list --query "[].id" -o tsv

    $unusedIdentities = @()

    foreach ($identity in $identities) {
        # Look up each identity by its resource ID
        $resourceGroup = (az resource show --ids $identity --query "resourceGroup" -o tsv)
        $date = (az resource show --ids $identity --query "properties.creationTime" -o tsv)

        # Flag the identity when no resource group is returned or the queried date is more than 30 days old
        if (!$resourceGroup -or (New-TimeSpan -Start $date).Days -gt 30) {
            $unusedIdentities += $identity
        }
    }

    $unusedIdentities
    

    This script lists all managed identities that have not been used in the last 30 days. You can modify the number of days as per your requirement. The script first lists all managed identities and then loops through each identity to check if it has been used in the last 30 days. If not, it adds the identity to the list of unused identities.

    Removing Unused Managed Identities
    Once you have identified unused managed identities, you can remove them using the following commands:

    System-assigned managed identity: To remove a system-assigned managed identity, you can simply delete the resource that the identity is assigned to. The identity will be deleted automatically.
    User-assigned managed identity: To remove a user-assigned managed identity, you can use the following command:

    az identity delete --name <ManagedIdentityName> --resource-group <ResourceGroupName>

    Managed identities in Azure provide an easy way to manage identity and access for applications running on Azure services.
    Azure CLI can be used to list all managed identities and identify unused managed identities.
    Unused managed identities can be removed to reduce clutter and manage costs.

    https://devcodef1.com/news/1459599/identify-unused-managed-identity

  2. az identity list-resources --resource-group <ResourceGroupName> --name <ManagedIdentityName> will return a list of resources associated with the managed identity, or empty if there are none

    https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-view-associated-resources-for-an-identity#command-line-interface

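The per-identity check from the second answer, run over every user managed identity in a resource group. This is an added example, not part of either answer; the function name `list_unused_identities` is hypothetical, and it assumes that `--output tsv` prints nothing when no resources are associated with the identity.

```shell
#!/usr/bin/env bash
# Added example: print the user managed identities in a resource group that
# have no associated resources, using `az identity list-resources`.
# Assumption: an identity with no associations yields empty `--output tsv`.

list_unused_identities() {
  rg="$1"
  if [ -z "$rg" ]; then
    echo "usage: list_unused_identities <ResourceGroupName>" >&2
    return 2
  fi

  # Names of the user managed identities in the resource group.
  names=$(az identity list --resource-group "$rg" \
            --query "[].name" --output tsv) || return 1
  [ -n "$names" ] || return 0

  printf '%s\n' "$names" | while IFS= read -r name; do
    # A failed lookup (for example missing read permission) is reported and
    # skipped, so an identity is never flagged as unused because of an error.
    if ! resources=$(az identity list-resources --resource-group "$rg" \
                       --name "$name" --output tsv </dev/null); then
      echo "skipped $name: list-resources failed" >&2
      continue
    fi
    # Empty output means nothing is attached to this identity.
    [ -n "$resources" ] || printf '%s\n' "$name"
  done
}

# Run directly: ./unused-identities.sh <ResourceGroupName>
if [ "$#" -gt 0 ]; then
  list_unused_identities "$1"
fi
```

Review the printed names before passing any of them to `az identity delete`; identities that were skipped on stderr need a manual check.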