I was recently tasked with deploying applications to Azure resources and setting up a CI/CD pipeline in Azure DevOps. A crucial part of this process is creating a Service Connection, which allows Azure DevOps to interact with Azure resources securely.
This tutorial walks through setting up a Service Connection in Azure DevOps that authenticates to Azure as a user-assigned Managed Identity through workload identity federation. Instead of a client secret or certificate that has to be stored in Azure DevOps and rotated, the pipeline presents a short-lived token issued by Azure DevOps, which the Managed Identity's federated credential is configured to trust, so there is no long-lived credential to store or leak.
By following this guide, you'll learn how to:
- Set up a Service Connection in Azure DevOps
- Configure Azure Managed Identity for use with your Service Connection
Let's begin with the step-by-step process to create your Service Connection and configure the necessary Azure resources.
- Navigate to Project Settings and, under the Pipelines section, open "Service Connections". Click "New Service Connection".
- From the list of options, select "Azure Resource Manager", then choose "Workload Identity Federation (Manual)" as the authentication method.
- Provide a descriptive name for your Service Connection in the designated field. Azure DevOps also displays an Issuer URL and a Subject Identifier on this step; keep them to hand, because the Managed Identity's federated credential will be created from them.
- The next step shows a form with several fields to complete:
  - Subscription ID
  - Subscription Name
  - Service Principal ID
  - Tenant ID
For the Subscription ID and Subscription Name, you can retrieve these details from the Resource Group information in the Azure Portal:
- Navigate to your Resource Group in the Azure Portal.
- Look for the Subscription ID and Subscription Name in the Resource Group's overview section.
Set up an Azure Managed Identity for the Service Principal ID and Tenant ID
- In the Azure Portal, open your user-assigned Managed Identity (only user-assigned identities can hold federated credentials) and navigate to Settings > Federated credentials. Click "Add Credential".
- On the "Add Federated Credential" page, set the "Federated credential scenario" field to "Other".
- In the "Connect Your Account" section, populate the "Issuer URL" and "Subject Identifier" fields with the values Azure DevOps displayed during the Service Connection setup. Copy them exactly: the identity will accept tokens only from that issuer and only for that subject, so a typo means the connection fails verification rather than silently trusting something else.
- Assign a descriptive name to the Federated Credential, then click "Add" to create it.
- After the Federated Credential is saved, return to the Managed Identity's Settings > Properties.
- In the Properties section, copy the following values from the Managed Identity into the corresponding fields of the Azure DevOps Service Connection:

| Managed Identity field | Azure DevOps Service Connection field |
|---|---|
| Client Id | Service Principal Id |
| Tenant Id | Tenant Id |

- Click "Verify and Save". Make sure the Managed Identity has the role assignments it needs first: grant the least-privileged role the pipeline actually requires on the narrowest scope (for example Contributor on the target resource group rather than Owner on the whole subscription). Without a role assignment the connection will authenticate but cannot do anything with your Azure resources.
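The portal steps above can also be scripted with the Azure CLI, which makes the trust relationship reviewable and repeatable across environments. The script below is an added example and is not code from the original post; every value in it (organisation, project, connection name, issuer GUID, subscription, resource group and identity names) is an assumed placeholder, and the `ado_subject`, `valid_issuer`, `scope_for_rg`, `apply` and `smoke_pipeline` helpers are names chosen here. It creates the user-assigned identity, adds the federated credential from the Issuer URL and Subject Identifier that Azure DevOps shows, grants a role scoped to the resource group, prints the Client Id and Tenant Id to paste into the Service Connection form, and writes a minimal pipeline to test the connection.

```shell
#!/usr/bin/env sh
# Added example (not from the original post): the portal steps above, done with
# the Azure CLI so the trust between Azure DevOps and the managed identity is
# reproducible and reviewable. Every value below is an assumed placeholder.
set -eu

# Values shown by the Azure DevOps "Workload Identity Federation (Manual)"
# dialog. The issuer carries your organisation's GUID (placeholder here).
ADO_ORG="${ADO_ORG:-contoso}"
ADO_PROJECT="${ADO_PROJECT:-payments}"
SC_NAME="${SC_NAME:-azure-prod}"
ADO_ISSUER="${ADO_ISSUER:-https://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000}"

# Where the user-assigned identity lives and what it may touch (assumed names).
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-11111111-1111-1111-1111-111111111111}"
RG="${RG:-rg-payments-prod}"
MI_NAME="${MI_NAME:-mi-ado-payments-prod}"
ROLE="${ROLE:-Contributor}"

# Subject identifier Azure DevOps presents: sc://<org>/<project>/<connection name>.
ado_subject() { printf 'sc://%s/%s/%s' "$1" "$2" "$3"; }

# The federated credential trusts whatever issuer you paste, so refuse anything
# that is not the Azure DevOps token service followed by an organisation GUID.
valid_issuer() {
  printf '%s' "$1" | grep -Eq '^https://vstoken\.dev\.azure\.com/[0-9a-fA-F-]{36}$'
}

# Least privilege: grant the role on the resource group, not the subscription.
scope_for_rg() { printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"; }

# Creates the identity, the federated credential and the role assignment, then
# prints the two values the Service Connection form asks for.
apply() {
  az identity create -g "$RG" -n "$MI_NAME" -o none
  client_id=$(az identity show -g "$RG" -n "$MI_NAME" --query clientId -o tsv)
  principal_id=$(az identity show -g "$RG" -n "$MI_NAME" --query principalId -o tsv)
  tenant_id=$(az identity show -g "$RG" -n "$MI_NAME" --query tenantId -o tsv)

  az identity federated-credential create \
    --name "ado-${SC_NAME}" \
    --identity-name "$MI_NAME" \
    --resource-group "$RG" \
    --issuer "$ADO_ISSUER" \
    --subject "$(ado_subject "$ADO_ORG" "$ADO_PROJECT" "$SC_NAME")" \
    --audiences api://AzureADTokenExchange \
    -o none

  az role assignment create \
    --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal \
    --role "$ROLE" \
    --scope "$(scope_for_rg "$SUBSCRIPTION_ID" "$RG")" \
    -o none

  echo "Service Principal Id (Client Id): $client_id"
  echo "Tenant Id: $tenant_id"
}

# A minimal pipeline that proves the connection works: the AzureCLI task logs
# in through the service connection and shows which identity it received.
smoke_pipeline() {
  cat <<EOF
trigger: none
pool:
  vmImage: ubuntu-latest
steps:
  - task: AzureCLI@2
    displayName: Check the federated identity
    inputs:
      azureSubscription: '$1'
      scriptType: bash
      scriptLocation: inlineScript
      inlineScript: |
        az account show --query '{sub:name, principal:user.name, type:user.type}' -o table
EOF
}

# Only talk to Azure when explicitly asked, so the file can be sourced or dry-run.
if [ "${APPLY:-0}" = "1" ]; then
  valid_issuer "$ADO_ISSUER" || { echo "not an Azure DevOps issuer: $ADO_ISSUER" >&2; exit 1; }
  apply
  smoke_pipeline "$SC_NAME" > azure-pipelines.yml
fi
```

Run it with `APPLY=1 ADO_ISSUER=<issuer from the dialog> ADO_ORG=... ADO_PROJECT=... SC_NAME=... sh setup-ado-wif.sh` after `az login`. The issuer check exists because a federated credential is only as strong as the issuer and subject it trusts; the generated `azure-pipelines.yml` runs `az account show` through the connection so you can confirm the pipeline is acting as the Managed Identity and nothing else.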
Congratulations! You've now set up a Service Connection in Azure DevOps using Azure Managed Identity. Here's a quick recap:
- You created a Service Connection in Azure DevOps
- You configured a federated credential on a Managed Identity, so there is no client secret or certificate to store or rotate
- Your Azure DevOps project is now linked to Azure resources without storing credentials
Remember to:
- Keep your Service Connection settings up to date: the Subject Identifier embeds the organisation, project and connection names, so renaming any of them means the federated credential must be updated to match
- Grant your Managed Identity only the roles and scopes your pipelines actually need, and review them when the pipeline's duties change
- Test your new Service Connection with a simple pipeline
Happy Deploying!