You need to connect to external or remote services to execute tasks in a job. E.g. you need to connect to your Microsoft Azure subscription through Azure devops to deploy the resources to a subscription.
You can define service connections in Azure Pipelines that are available for use in all your tasks. For example, you can create a service connection for your Azure subscription and use this service connection name in an Azure Web Site Deployment task in a release pipeline.
Once you create a new release pipeline in Azure devops, (detailed in my previous post) you will be asked to select the targeted Azure subscription containing the Azure App Service resources. From the drop down you will get a list with all the available Azure subscriptions that you can access. When you select the desired Azure subscription you get asked to authorize to configure an Azure service connection:
And when you hit the Authorize button I get the following error:
This can be fixed by manually creating the Azure service connection using an Azure App Registration.
Create the Azure App Registration
Starting with the Azure Portal account, let’s create an app registration to represent our connection to Azure AD.
In Azure portal within the Azure Active Directory go to the App registrations tab and create a new registration. Provide a display name (e.g. Azure DevOps Connection) and Register the app.
Create a new client secret a.k.a. application password that we can use later in the setup of the Azure service connection in Azure DevOps.
Then we need to assign that registration to the subscription containing the resources we want via Access Control.
Navigate to the resource group containing the Azure App Services that will be used for the deployment.
In the Access control panel add a new role assignment:
We are now ready to manually create the Azure service connection.
Creating Service Connection in Azure DevOps
When an application needs access to deploy or configure resources through ARM or VSTS in Azure, you’ll need to create a service principal, which is a credential for your application.
Now using the Azure DevOps account in Azure DevOps:
Provide the details for your Connection name, Subscription ID, Subscription Name and Tenant ID.
Finally verify and save the service connection and you are good to go!
And that’s done! Now your pipelines can access the Azure resources.