loading...
TrueLime

How to connect the Azure DevOps Release pipeline and deploy to Azure using a Service Connection and Azure App Registration

jeroenfurst profile image Jeroen FΓΌrst Updated on ・3 min read

Every once in a while I get the opportunity to kick-start a new and exciting project. 😊 This allows me to refresh my knowledge and gives me a real taste of the latest technology trends and techniques. This includes the setup of the automated delivery pipeline using one of my favorite development platforms: Azure DevOps. ❀️ In this post I will cover some of the steps to automate the release from Azure DevOps to your Azure resources.

Create a new release pipeline in Azure DevOps

The first thing that we need to is to create a new release pipeline. You can either start from scratch or select from a list of predefined deployment templates. I prefer to use the Azure App Service deployment template and will use it in the rest of this post. πŸ‘‡

Connect the Azure subscription

After selecting the deployment template you will be asked to select the targeted Azure subscription containing the Azure App Service resoures. Via the drop down you get a list with all the available Azure subscriptions that you can access. When you select the desired Azure subscription you get asked to authorize to configure an Azure service connection:

Authorize to configure an Azure service connection

This is where the fun starts. πŸ˜… Whenever I hit the Authorize button I get the following error:

Service connection creation operation failed

The error message states that my account has insufficient privileges to create the Azure service principals needed to access and deploy to the Azure App Service. πŸ€·β€β™‚οΈ

Fortunately this can be fixed by manually creating the Azure service connection using an Azure App Registration. 😍

Create the Azure App Registration

In Azure portal within the Azure Active Directory goto the App registrations tab and create a new registration. Provide a user-facing display name (e.g. Azure DevOps Connection) and Register the app.

Note: You might not have enough permissions to access Azure Active Directory. In that case ask your friendly neighborhood system administrator for help. πŸ˜‡

Create a new client secret a.k.a. application password that we can use later in the setup of the Azure service connection in Azure DevOps.
Add a client secret

Tip: Store your application secrets and access keys in Azure Key Vault. πŸ”₯

The next step is to assign the correct permissions so that the app registration can access the required resources.

Provide access to the Azure App Registration

Navigate to the resource group containing the Azure App Services that will be used for the deployment. In the Access control (IAM) panel add a new role assignment:
Add role assignment

We are now ready to manually create the Azure service connection. 😁

Configure a new Azure service connection

Switch back to the newly created release pipeline in Azure DevOps and click on the Manage link next to the Azure subscription:

Manage service connections

Create a new service connection based on the Azure Resource Manager connection type and select the Service principal (manual) authentication method:
Select the authentication method

Note: the automatic and recommended authentication method will result in the same insufficient privileges error message as received earlier when hitting the Authorize button. πŸ‘€

Next provide the following data from your Azure Cloud subscription:

  • Subscription Id
  • Subscription Name
  • Service Principal Id (App Registration Application ID)
  • Service principal key (App Registration Client Secret created earlier on)
  • Tenant ID

Tip: Use the search function in Azure portal to quickly navigate to Subscriptions to grab the subscription ID and name or navigate to the Tenant properties for the tenant ID. πŸ’―

Finally verify and save the service connection and you are good to go! Happy deploying! 😊

Posted on May 8 by:

jeroenfurst profile

Jeroen FΓΌrst

@jeroenfurst

Hi there! I am Jeroen, Kentico MVP and Architect at TrueLime (Web Agency in The Netherlands).

TrueLime

TrueLime is expert in developing web applications, websites, customer portals and social intranets.

Discussion

markdown guide