Hands-on demo – Setting up Service Connections in Azure DevOps

Hands-on demo – Setting up Service Connections in Azure DevOps

Here’s a step-by-step guide to set up a service connection in Azure DevOps. This demo assumes you're using the Azure DevOps web portal.

1. Navigate to Project Settings

1. Open your Azure DevOps project.

2. In the bottom-left corner of the screen, click Project Settings.

2. Open Service Connections

1. Under the Pipelines section in the left sidebar, click on Service connections.

2. This will display a list of existing service connections (if any).

3. Add a New Service Connection

1. Click on the New service connection button in the top-right corner.

2. Select the type of service connection you want to set up. Common options include:

   • Azure Resource Manager (for Azure resources like VMs, App Services, etc.)

   • Kubernetes (for AKS or other Kubernetes clusters)

   • GitHub (for GitHub repositories)

   • AWS (for Amazon Web Services resources)

   • Docker Registry (for containerized applications)

   • Others (depending on the tool or platform you’re using).

4. Configure the Service Connection

Azure Resource Manager (Example):

1. Select Azure Resource Manager and click Next.

2. Choose the authentication method:

   • Service principal (automatic): Recommended for most users. Azure DevOps automatically creates the service principal.

   • Service principal (manual): Requires you to manually enter subscription details and credentials.

   • Managed identity: Use Azure DevOps-managed identity to access Azure resources.

3. Fill in the details:

   • Subscription: Select the Azure subscription.

   • Resource Group (optional): Scope the connection to a specific resource group.

   • Service Principal: Automatically populated if you choose the automatic option.

4. Provide a Connection Name and Description (optional).

5. Check the box for granting access permission to all pipelines.

6. Click Verify and Save to complete.

AWS (Example):

1. Select AWS and click Next.

2. Enter the Access Key ID and Secret Access Key for your AWS account.

3. Specify a Service Connection Name.

4. Verify the connection by clicking Verify.

5. Click Save to complete.

Kubernetes (Example):

1. Select Kubernetes and click Next.

2. Choose your cluster connection type:

   • Azure Kubernetes Service (AKS): Use an Azure Resource Manager service connection.

   • Kubeconfig: Upload or paste the kubeconfig file for your cluster.

3. Provide a Namespace (optional).

4. Specify a Service Connection Name.

5. Verify and save the connection.

5. Grant Permissions

1. After saving the connection, ensure that your build/release pipelines have permission to use it.

2. Click on the newly created service connection.

3. Under the Security tab, verify that the appropriate users, groups, or pipelines have Use permissions.

6. Use the Service Connection in a Pipeline

1. Open your pipeline YAML or Classic Editor.

2. Reference the service connection name in the appropriate task.

YAML Example:

xxxxxxxxxx
12
1
resources:
2
  connections:
3
   - name: '<ServiceConnectionName>'
4
      type: 'AzureRM'
5
steps:
6
- task: AzureCLI@2
7
  inputs:
8
    azureSubscription: '<ServiceConnectionName>'
9
    scriptType: 'bash'
10
    scriptLocation: 'inlineScript'
11
    inlineScript: |
12
      az group list

Summary

Now your Azure DevOps pipelines can securely interact with external resources through the configured service connections.