Every once in a while I get the opportunity to kick-start a new and exciting project. 😊 This allows me to refresh my knowledge and gives me a real taste of the latest technology trends and techniques. This includes the setup of the automated delivery pipeline using one of my favorite development platforms: Azure DevOps. ❤️ In this post I will cover some of the steps to automate the release from Azure DevOps to your Azure resources.
The first thing that we need to is to create a new release pipeline. You can either start from scratch or select from a list of predefined deployment templates. I prefer to use the Azure App Service deployment template and will use it in the rest of this post. 👇
After selecting the deployment template you will be asked to select the targeted Azure subscription containing the Azure App Service resoures. Via the drop down you get a list with all the available Azure subscriptions that you can access. When you select the desired Azure subscription you get asked to authorize to configure an Azure service connection:
This is where the fun starts. 😅 Whenever I hit the Authorize button I get the following error:
The error message states that my account has insufficient privileges to create the Azure service principals needed to access and deploy to the Azure App Service. 🤷♂️
Fortunately this can be fixed by manually creating the Azure service connection using an Azure App Registration. 😍
In Azure portal within the Azure Active Directory goto the App registrations tab and create a new registration. Provide a user-facing display name (e.g. Azure DevOps Connection) and Register the app.
Note: You might not have enough permissions to access Azure Active Directory. In that case ask your friendly neighborhood system administrator for help. 😇
Tip: Store your application secrets and access keys in Azure Key Vault. 🔥
The next step is to assign the correct permissions so that the app registration can access the required resources.
We are now ready to manually create the Azure service connection. 😁
Switch back to the newly created release pipeline in Azure DevOps and click on the Manage link next to the Azure subscription:
Note: the automatic and recommended authentication method will result in the same insufficient privileges error message as received earlier when hitting the Authorize button. 👀
Next provide the following data from your Azure Cloud subscription:
- Subscription Id
- Subscription Name
- Service Principal Id (App Registration Application ID)
- Service principal key (App Registration Client Secret created earlier on)
- Tenant ID
Tip: Use the search function in Azure portal to quickly navigate to Subscriptions to grab the subscription ID and name or navigate to the Tenant properties for the tenant ID. 💯
Finally verify and save the service connection and you are good to go! Happy deploying! 😊