Creating a Service Connection for Azure Resources
Ankit Ranjan (DevOps Engineer)
In today's post, we will learn how to create a service connection to release your application to Azure resources.
First, you must obtain an Azure credential from the Azure portal.
Exploring Azure App Registration
Azure app registration is the process that provides the necessary credentials for Azure Pipelines to deploy applications to Azure resources. Follow these steps to create an Azure app registration:
1. Go to [Microsoft Entra ID](https://portal.azure.com).
2. Click on App registrations, then select + New registration.
3. Click on the Register an application option. Now, you need to provide a name for the registered application. Then, choose from the following four account types:
   1. Single tenant - Only one identity in a single Azure account.
   2. Multiple identities in one Azure account.
   3. Multiple identities, including personal Microsoft accounts in one Azure account.
   4. Personal Microsoft accounts only in one Azure account.
   After selecting the appropriate option, click Register.
4. After registering the app ID, navigate to Certificates & Secrets to create a secret. Click on + New client secret and select Add a client secret. Provide a description and expiry date, then click Add.
5. Do not forget to copy the secret value. It will disappear, and you cannot recover it after you close this page.
6. Copy the highlighted information to prepare for creating a service connection.
Creating a Service Connection
To deploy an application on Azure, you need to create a service connection, which is a service account that allows you to access Azure resources. Follow these instructions:
1. After creating an app registration in the Azure portal, go to [Azure DevOps](https://dev.azure.com/) and click Sign in.
2. Click on Project settings > Service connections > Create service connection.
3. Select Azure Resource Manager and click Next.
Authentication Method Options
4. Choose an authentication method from the following options:
- Automatic Discovery: Automatically finds service principals in all Azure resources.
- Manual Entry: Manually enter all app ID information, allowing easy access to Azure resources.
- Existing Identity: Use an existing identity that is used for another system.
- Export Public Profile: Export the public profile from the Azure portal page and use it.
For this example, select the second option, Service principal (manual), and click Next.
Completing the Service Connection Setup
5. Fill in the required fields as follows, then click Verify and save:
- Environment: Azure Cloud
- Scope Level: Subscription (choose this to limit the scope of permission to the subscription level for risk management)
- Subscription ID: <Check on the subscription menu>
- Subscription Name: <Check on the subscription menu>
- Service Principal ID: <Client ID of the app registration>
- Credential: Service principal key
- Service Principal Key: <Secret of the app registration>
- Tenant ID: <Tenant ID of the app registration>
- Service Connection Name: sp-for-DevOps
- Security: Turn on "Grant access permission to all pipelines".
6. You can now view the new service connection.
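A pre-flight check for the values entered in step 5, as an added example that is not part of the original post: it flags paste mistakes (including the GUID-shaped Secret ID pasted in place of the secret value), a client secret near its expiry date, and a connection opened to all pipelines. The function name, field keys and sample values are assumptions made for this illustration.

```python
import re
from datetime import date

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ID_FIELDS = ("subscription_id", "service_principal_id", "tenant_id")

def preflight(fields, today, warn_days=30):
    """Return (severity, message) findings for the values entered in step 5."""
    findings = []
    # Subscription, client and tenant IDs are GUIDs; a truncated paste fails here.
    ids = [fields.get(name, "") for name in ID_FIELDS]
    for name, value in zip(ID_FIELDS, ids):
        if not GUID.match(value):
            findings.append(("error", f"{name} is not a GUID"))
    # The same GUID in two ID fields means a value went into the wrong box.
    valid = [v.lower() for v in ids if GUID.match(v)]
    if len(set(valid)) < len(valid):
        findings.append(("error", "two ID fields hold the same value"))
    # The portal lists a GUID "Secret ID" next to the secret "Value"; only the
    # Value authenticates, so a GUID-shaped key is almost certainly the wrong column.
    key = fields.get("service_principal_key", "")
    if not key:
        findings.append(("error", "service_principal_key is empty"))
    elif GUID.match(key):
        findings.append(("error", "service_principal_key looks like the Secret ID, not the Value"))
    # The expiry date chosen when the secret was created decides when deployments break.
    days_left = (fields["secret_expires"] - today).days
    if days_left < 0:
        findings.append(("error", "client secret has expired"))
    elif days_left <= warn_days:
        findings.append(("warning", f"client secret expires in {days_left} days"))
    # With this switch on, every pipeline in the project can use the credential.
    if fields.get("grant_all_pipelines"):
        findings.append(("warning", "connection is open to all pipelines in the project"))
    return findings

# Constructed sample values (not real identifiers or secrets).
SAMPLE = {
    "subscription_id": "11111111-1111-1111-1111-111111111111",
    "service_principal_id": "22222222-2222-2222-2222-222222222222",
    "tenant_id": "33333333-3333-3333-3333-333333333333",
    "service_principal_key": "44444444-4444-4444-4444-444444444444",  # Secret ID pasted by mistake
    "secret_expires": date(2025, 7, 1),
    "grant_all_pipelines": True,
}

if __name__ == "__main__":
    for severity, message in preflight(SAMPLE, today=date(2025, 6, 20)):
        print(f"{severity}: {message}")
```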
In this post, we learned how to create a variable group to share across all pipelines and how to link a variable group to an existing pipeline.
In our upcoming post, we'll explore how to upload secret files and connect them to your pipelines.