How to create a service connection for Azure in Azure Devops with pictures

0 votes
I am confused about the service connection topic on DevOps. I want to create a service connection to connect to azure and deploy to my App Service through a pipeline. My subscription isn't listed in the drop-down menu and, I get a lot of errors such as "Failed to obtain the JSON Web Token(JWT)" & "Failed to query service connection API ... AuthorizationFailed". can someone guide me properly to create a service connection?
Mar 15, 2022 in DevOps on Cloud by Kichu
• 19,040 points
821 views

1 answer to this question.

0 votes

Create App Registration and define roles

What you will need to do first is create app registration. App registration is the role-based identity that your pipeline will use for deployment.

In the Azure portal, go to Azure Active Directory | App registrations (in the sidebar) | New registration.

App registrations page

Give a name for the app registration. Don't worry about the other settings; leave them default. Click Register. Pro-tip: Prefixing related resources and entities with your project name (like <project name>-appregistration) will help you quickly find them later.

We need to give your app registration permission to access and deploy to your App Service or whatever resource you wish to deploy to.

Go to the App Service page | Access control (IAM) | + Add | Add role assignment. Fill out the fields:

  • Role: Contributor
  • Assign access to: Azure AD user, group, or service principal
  • Select: search for and select the app registration you just made

Click Save. You should see the app registration get added as a Contributor.

Access control

We also need to give read permissions for your subscription. I have no idea why it requires read access to subscriptions, but the connection fails if you don't do this.

Similar to the last step, go to your subscription (the one you are using for your app service) | Access control (IAM) | + Add | Add role assignment.

  • Role: Reader
  • Assign access to: Azure AD user, group, or service principal
  • Select: select the app registration, then save.

Create service connection

Go to your project in Azure DevOps, then Project settings in the sidebar | Service connections | New service connection. The connection type is Azure Resource Manager.

Here is where I got lost before because this interface doesn't list my subscription. But if it works for you, it should automatically get the correct variables for you, I believe. If it doesn't work, keep reading.

Azure Resource Manager service connection

Click "use the full version of the service connection dialog". Here is how to fill out this complicated form.

  • Connection name: choose a name (I suggest <project name>-serviceconnection)
  • Environment: AzureCloud
  • Scope level: Subscription
  • Subscription ID: Get this from your subscription resource (see screenshot)
  • Subscription name: Get this from your subscription resource
  • Service principal client ID: App registration's Application (client) ID
  • Service principal key: On the app registration page, go to Certificates & Secrets.
    • Create a secret and copy the secret value. The expiration date of Never is fine.
    • Do not store this string; you can always create a new one.
  • Tenant ID: App registration's Directory (tenant) ID
  • Allow all pipelines to use this connection checkbox: Turn this on for testing; you can change it later.

Subscription

App registration

App registration secret

Click "Verify connection". It should say "Verified" in green. If the connection failed and you are sure you followed all the steps, wait 10 minutes and try again. After it's verified, you can click OK.

Verified

To use the service connection, reference the connection name you gave it earlier, in the correct field of the pipeline task. When you first try to run the pipeline, the build screen might show a message saying the connection isn't authorized.

Build page

Click "Authorize resources". You can see authorized pipelines on the Security page of the service connection. Run the build manually via the Queue button.

Also check How to create a service connection for Azure in Azure DevOps with pictures?

answered Mar 16, 2022 by narikkadan
• 63,600 points

Related Questions In DevOps on Cloud

0 votes
0 answers
0 votes
1 answer

How to manage Application version for VM&#39;s in Azure Autoscaling group

First of all, You have to launch ...READ MORE

answered Apr 24, 2018 in DevOps on Cloud by shubham
• 7,340 points
1,152 views
0 votes
1 answer

I am looking for a python code to get my Azure VM status in my email , like whether the running vms port is open to the internet. If its open to internet I should get a mail notification

Hey, @Sourav, Check this out https://www.edureka.co/community/66025/azure-vm-monitoring It deals with ...READ MORE

answered May 29, 2020 in DevOps on Cloud by Sirajul
• 59,230 points
1,800 views
0 votes
1 answer
0 votes
0 answers

OWASP Zed Attack Proxy Scan in DevOps pipeline

I want to do the "Authenticated Scan" ...READ MORE

Mar 15, 2022 in DevOps Tools by Kichu
• 19,040 points
847 views
0 votes
0 answers

Multiple YAML build pipelines in Azure DevOps

Using the new YAML way I want ...READ MORE

Mar 15, 2022 in DevOps Tools by Kichu
• 19,040 points
1,130 views
0 votes
1 answer

What is the correct way to setup Azure Artifacts in Azure DevOps?

Refer: https://docs.microsoft.com/en-us/azure/devops/artifacts/get-started-maven?view=azure-devops this will show you how to create ...READ MORE

answered Apr 5, 2022 in DevOps on Cloud by narikkadan
• 63,600 points
483 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP