Quickstart: Create a service connection in Azure Container Apps with the Azure CLI (preview)

This quickstart shows you how to connect Azure Container Apps to other Cloud resources using the Azure CLI and Service Connector (preview). Service Connector lets you quickly connect compute services to cloud services, while managing your connection's authentication and networking settings.

Prerequisites

  • Version 2.37.0 or higher of the Azure CLI must be installed. To upgrade to the latest version, run az upgrade. If using Azure Cloud Shell, the latest version is already installed.

  • The Container Apps extension must be installed in the Azure CLI or the Cloud Shell. To install it, run az extension add --name containerapp.

Set up your environment

  1. If you're using Service Connector for the first time, start by running the command az provider register to register the Service Connector resource provider.

    az provider register -n Microsoft.ServiceLinker
    

    Tip

    You can check if the resource provider has already been registered by running the command az provider show -n "Microsoft.ServiceLinker" --query registrationState. If the output is Registered, then Service Connector has already been registered.

  2. Optionally, run the command az containerapp connection list-support-types to get a list of supported target services for Container Apps.

    az containerapp connection list-support-types --output table
    

Create a service connection (preview)

Create a connection using a managed identity or an access key.

Important

To use a managed identity, you must have the permission to modify Microsoft Entra role assignment. Ask your subscription owner to grant you this permission, or use an access key instead to create the connection.

  1. Run the az containerapp connection create command to create a service connection from Container Apps to a Blob Storage with a system-assigned managed identity.

    az containerapp connection create storage-blob --system-identity
    
  2. Provide the following information at the Azure CLI's request:

    Setting Description
    The resource group that contains the container app The name of the resource group with the container app.
    Name of the container app The name of the container app.
    The container where the connection information will be saved The name of the container app's container.
    The resource group which contains the storage account The name of the resource group with the storage account.
    Name of the storage account The name of the storage account you want to connect to. In this guide, we're using a Blob Storage.

Note

If you don't have a Blob Storage, you can run az containerapp connection create storage-blob --new --system-identity to provision a new Blob Storage and directly connect it to your container app using a managed identity.

View connections

Use the Azure CLI command az containerapp connection list to list all your container app's provisioned connections. Replace the placeholders <container-app-resource-group> and <container-app-name> from the command below with the resource group and name of your container app. You can also remove the --output table option to view more information about your connections.

az containerapp connection list -g "<container-app-resource-group>" --name "<container-app-name>" --output table

The output also displays the provisioning state of your connections: failed or succeeded.