Quickstart: Create a service connection in Azure Container Apps with the Azure CLI (preview)
This quickstart shows you how to connect Azure Container Apps to other Cloud resources using the Azure CLI and Service Connector (preview). Service Connector lets you quickly connect compute services to cloud services, while managing your connection's authentication and networking settings.
Prerequisites
An active Azure subscription. If you don't have an Azure subscription, create an Azure free account before you begin.
At least one application deployed to Azure Container Apps in a region supported by Service Connector. If you don't have one, create and deploy a container to Container Apps.
Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Version 2.37.0 or higher of the Azure CLI must be installed. To upgrade to the latest version, run
az upgrade
. If using Azure Cloud Shell, the latest version is already installed.The Container Apps extension must be installed in the Azure CLI or the Cloud Shell. To install it, run
az extension add --name containerapp
.
Set up your environment
If you're using Service Connector for the first time, start by running the command az provider register to register the Service Connector resource provider.
az provider register -n Microsoft.ServiceLinker
Tip
You can check if the resource provider has already been registered by running the command
az provider show -n "Microsoft.ServiceLinker" --query registrationState
. If the output isRegistered
, then Service Connector has already been registered.Optionally, run the command az containerapp connection list-support-types to get a list of supported target services for Container Apps.
az containerapp connection list-support-types --output table
Create a service connection (preview)
Create a connection using a managed identity or an access key.
Important
To use a managed identity, you must have the permission to modify Microsoft Entra role assignment. Ask your subscription owner to grant you this permission, or use an access key instead to create the connection.
Run the
az containerapp connection create
command to create a service connection from Container Apps to a Blob Storage with a system-assigned managed identity.az containerapp connection create storage-blob --system-identity
Provide the following information at the Azure CLI's request:
Setting Description The resource group that contains the container app
The name of the resource group with the container app. Name of the container app
The name of the container app. The container where the connection information will be saved
The name of the container app's container. The resource group which contains the storage account
The name of the resource group with the storage account. Name of the storage account
The name of the storage account you want to connect to. In this guide, we're using a Blob Storage.
Note
If you don't have a Blob Storage, you can run az containerapp connection create storage-blob --new --system-identity
to provision a new Blob Storage and directly connect it to your container app using a managed identity.
View connections
Use the Azure CLI command az containerapp connection list
to list all your container app's provisioned connections. Replace the placeholders <container-app-resource-group>
and <container-app-name>
from the command below with the resource group and name of your container app. You can also remove the --output table
option to view more information about your connections.
az containerapp connection list -g "<container-app-resource-group>" --name "<container-app-name>" --output table
The output also displays the provisioning state of your connections: failed or succeeded.