The lifecycle of a system-assigned managed identity is tied directly to the lifecycle of the Azure resource it is enabled on. When a system-assigned managed identity is created, it is automatically linked to an Azure resource (for example a virtual machine or an App Service) and shares that resource's lifecycle. This means that when the Azure resource is deleted, the system-assigned managed identity is automatically deleted with it [1] [3] [5]. This approach simplifies management for identities that do not need to outlive their parent resource.
By contrast, a user-assigned managed identity is created as a standalone Azure resource. Its lifecycle is independent of any particular Azure resource, which allows it to be shared across multiple resources [2] [4] [7]. This means that even if all associated resources are deleted, the user-assigned managed identity remains active until a user explicitly deletes it. This flexibility is useful for scenarios where several resources need access to the same services, or where resources are frequently recycled but need consistent permissions [2] [3].
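The lifecycle difference above, shown as an added Bicep example (not taken from any of the cited sources): the user-assigned identity is declared as its own resource and referenced by an App Service, while the system-assigned identity exists only as a property of the app. The plan ID and resource names are assumptions.

```bicep
// Added example: system-assigned vs user-assigned identity on App Service.
param location string = resourceGroup().location
param appServicePlanId string   // assumption: resource ID of an existing App Service plan

// User-assigned identity is a standalone resource. Deleting the apps that
// reference it leaves it, and any role assignments on its principal, in place.
resource sharedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-shared-workers'
  location: location
}

// System-assigned identity has no resource of its own: it is created with the
// app and removed with it, and role assignments on it become orphaned.
resource appSingleOwner 'Microsoft.Web/sites@2022-09-01' = {
  name: 'app-single-owner'
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: appServicePlanId
    httpsOnly: true
  }
}

// An app that borrows the shared identity. Any number of apps can reference
// the same identity and they all act as the same principal.
resource appWorkerA 'Microsoft.Web/sites@2022-09-01' = {
  name: 'app-worker-a'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${sharedIdentity.id}': {}
    }
  }
  properties: {
    serverFarmId: appServicePlanId
    httpsOnly: true
  }
}

// The system-assigned principalId only exists while appSingleOwner exists;
// the shared principalId survives until sharedIdentity itself is deleted.
output systemPrincipalId string = appSingleOwner.identity.principalId
output sharedPrincipalId string = sharedIdentity.properties.principalId
```

Grant roles to `sharedPrincipalId` once and every app that references `sharedIdentity` inherits them; roles granted to `systemPrincipalId` must be re-created whenever `appSingleOwner` is rebuilt.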
References:
[1] https://cloudtips.nl/the-magic-of-azure-managed-indistities-indistities-indistities-istines-vis%b8%8F-19747C37E652
[2] https://docs.azure.cn/en-us/entra/indentity/managed-indentities-indentities-indiesities-ientities-azure-resources/overview
[3] https://www.varonis.com/blog/azure-managed-istentities
[4] https://m365internals.com/2021/11/11/11/lateral-movement-with-managed-managed-indistities-ozure-virtual-machines/
[5] https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview
[6] https://blog.johnfolberth.com/azure-managed-indistities-indisities-user-vs-system-symigned/
[7] https://blueprint.asd.gov.au/design/platform/Indentity/managed/
[8] https://stackoverflow.com/questions/61322079/difference-betweew-service-principal-and-managed-indistities-indiondities-in-azure