Service Connections on Azure DevOps

You need to connect to external or remote services to execute tasks in a job. E.g.  you need to connect to your Microsoft Azure subscription through Azure devops to deploy the resources to a subscription.

You can define service connections in Azure Pipelines that are available for use in all your tasks. For example, you can create a service connection for your Azure subscription and use this service connection name in an Azure Web Site Deployment task in a release pipeline.

Once you create a new release pipeline in Azure devops, (detailed in my previous post) you will be asked to select the targeted Azure subscription containing the Azure App Service resources. From the drop down you will get a list with all the available Azure subscriptions that you can access. When you select the desired Azure subscription you get asked to authorize to configure an Azure service connection:

shph3dlb05g78yk3dyg9

And when you  hit the Authorize button I get the following error:

bf97ds1sw7q5g1gw98o4

This can be fixed by manually creating the Azure service connection using an Azure App Registration.

Create the Azure App Registration

Starting with the Azure Portal account, let’s create an app registration to represent our connection to Azure AD.

In Azure portal within the Azure Active Directory go to the App registrations tab and create a new registration. Provide a display name (e.g. Azure DevOps Connection) and Register the app.

Create a new client secret a.k.a. application password that we can use later in the setup of the Azure service connection in Azure DevOps.

5rfo5d0l5xxwzycqou3k

Then we need to assign that registration to the subscription containing the resources we want via Access Control.

Provide access to the Azure App Registration

Navigate to the resource group containing the Azure App Services that will be used for the deployment.

Capture

In the Access control panel add a new role assignment:

mqdgzteh4wcm3dxwdw5i

We are now ready to manually create the Azure service connection.

Creating Service Connection in Azure DevOps

When an application needs access to deploy or configure resources through ARM or VSTS in Azure, you’ll need to create a service principal, which is a credential for your application.

Now using the Azure DevOps account in Azure DevOps:

Capture

Provide the details for your Connection name, Subscription ID, Subscription Name and Tenant ID.

2019-02-07-01

Finally verify and save the service connection and you are good to go!

And that’s done! Now your pipelines can access the Azure resources.

Happy deploying!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s