Azure DevOps Connect To Azure Cloud Using Service Principal

There are multiple ways to connect to Azure Cloud from Azure DevOps. This connection is required to manage Azure resources, and therefore infrastructure, from DevOps.

At a high level there are two main possibilities.

  1. The Azure subscription account and the Azure DevOps account are the same.
  2. The Azure subscription account and the Azure DevOps account are not the same. (This also applies if the connection has to be used from some other pipeline, such as Jenkins.)

Azure Subscription Account and Azure DevOps account are the same (or Automatic Service Principal)

Let's quickly discuss the first case, and then look at the second.

  • Go to Project Settings in Azure DevOps.

  • From there go to Service Connections.

  • Click on "New Service Connection".

  • It displays a pop-up. Here either Azure Classic or Azure Resource Manager can be selected. Azure Resource Manager is the newer way to do it, so select that option.

  • On the next screen, choose how the service principal is set up. If a service principal has already been created, choose manual; otherwise choose automatic. The next section explains manual in more detail, but here select automatic. This creates a service principal and moves to the next screen.

  • On the next screen, select the subscription and the resource group (leave it blank if the connection is for all resource groups). Give the service connection a name and click save.

  • The connection is now available for selection in the "Release" pipeline. In "Azure Resource Manager Connection", select the connection name created in the previous step.

Azure Subscription Account and Azure DevOps account are not the same (Manual Service Principal)

In the previous section everything was under the same account, so it was seamless. If your Azure DevOps account and your Azure Cloud subscription are not the same, the subscription will not be available automatically during service connection creation. You will not see the Azure Cloud subscription, because the accounts are different.

To do this, a service principal has to be created. This can be done with the az CLI or in Azure Cloud Shell; the commands are similar in both places.

  • Log in to the Azure CLI. It opens a browser prompt; provide the Azure Cloud subscription credentials.

    az login
    
  • Once login is successful, execute the following command.

    az ad sp create-for-rbac
    
  • Once it executes successfully, it prints the result, including the appId and password used below. The output contains the secret, so it is not shown here.

  • Now go to Azure DevOps and proceed up to the screen for selecting the service principal. Here select Service Principal (manual) and click next.

  • On this screen, several pieces of information need to be mapped.

Name                     Possible value
Subscription Id          Your Azure subscription ID. This value is available from Azure Cloud.
Subscription name        Subscription name from Azure Cloud.
Service Principal Id     appId from the previous step.
Service Principal Key    password from the previous step.
Tenant Id                Azure Cloud subscription tenant ID.
Connection name          Any valid name; this will be used in the release pipeline.

  • Once all information is provided, click on "Verify". It should return success.
  • Lastly, save and verify.

Using the above service principal, it is now possible to connect from other pipelines or from anywhere else.
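
As an added example (not from the original post), the `az ad sp create-for-rbac` step can grant a role on one resource group only, since current Azure CLI versions assign no role unless `--role` and `--scopes` are passed, and its output can then be mapped to the form fields in the table above without echoing the key. The Contributor default, the function and variable names, and the sample JSON are assumptions.

```shell
# Added example, not from the original post; role default, names and sample JSON are assumptions.

# Subscription, tenant and application IDs are GUIDs; reject anything else early.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Build the ARM scope string for a single resource group.
rg_scope() {
  is_guid "$1" || { echo "invalid subscription id" >&2; return 1; }
  # Conservative ASCII check; Azure allows a slightly wider character set.
  printf '%s\n' "$2" | grep -Eq '^[A-Za-z0-9._()-]{1,90}$' ||
    { echo "invalid resource group name" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
}

# Create the service principal with a role limited to that resource group.
# Arguments: subscription id, resource group, display name, role (default Contributor).
create_scoped_sp() {
  sp_scope=$(rg_scope "$1" "$2") || return 1
  az ad sp create-for-rbac --name "$3" --role "${4:-Contributor}" \
    --scopes "$sp_scope" --output json
}

# Read one top-level string field from the pretty-printed JSON that az prints
# (one "key": "value" pair per line), so jq is not required.
json_field() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*"'"$2"'":[[:space:]]*"\([^"]*\)".*$/\1/p'
}

# Print the values for the "Service Principal (manual)" form; the key is never echoed.
connection_fields() {
  cf_key=$(json_field "$1" password)
  [ -n "$cf_key" ] || { echo "no password in output" >&2; return 1; }
  printf 'Service Principal Id: %s\n' "$(json_field "$1" appId)"
  printf 'Tenant Id: %s\n' "$(json_field "$1" tenant)"
  printf 'Service Principal Key: (%s characters, not shown)\n' "${#cf_key}"
}

# Constructed sample of the command's output, for trying the parsing offline.
SAMPLE_SP_JSON='{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "devops-deploy-example",
  "password": "constructed-not-a-real-secret",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}'

# Usage: sp_json=$(create_scoped_sp "$SUBSCRIPTION_ID" my-rg devops-deploy-example)
#        connection_fields "$sp_json"
```

Keep the captured JSON in a shell variable rather than a file, and paste the password into the Service Principal Key field directly from a secure store.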

Hope this helps.