Exercise - Create a service connection

  • 4 minutes

Before you can deploy your toy company's website by using a pipeline, you need to create a service connection for your pipeline to use. In this exercise, you'll:

  • Create a resource group for your website.
  • Create an Azure Pipelines service connection and configure it to access the resource group.

This exercise requires that you have permissions to create applications and service principals in your Microsoft Entra directory. If you can't meet this requirement with your current Azure account, you can get a free trial and create a new Azure subscription and tenant.

Important

The final exercise in this module contains important cleanup steps. Be sure to follow the cleanup steps even if you don't complete this module.

Sign in to Azure

To work with service principals in Azure, sign in to your Azure account from the Visual Studio Code terminal. Be sure that you've installed the Azure CLI tools.

  1. In the Terminal menu, select New Terminal. The terminal window usually opens in the lower half of your screen.

    The default shell is typically pwsh, as shown on the right side of the terminal window.

    Screenshot of the Visual Studio Code terminal window, in which pwsh is shown as the shell option.

  2. Select the Launch Profile dropdown list, and then select Azure Cloud Shell (Bash).

    Screenshot of the Visual Studio Code terminal window. The terminal shell dropdown list and the Azure Cloud Shell (Bash) menu item are shown.

    A new shell opens.

Sign in to Azure by using the Azure CLI

  1. In the Visual Studio Code terminal, run the following command to sign in to Azure:

    az login

  2. In the browser that opens, sign in to your Azure account.

To deploy this template to Azure, sign in to your Azure account from the Visual Studio Code terminal. Be sure that you've installed Azure PowerShell, and sign in to the same account that you used to activate the sandbox.

  1. In the Terminal menu, select New Terminal. The terminal window usually opens in the lower half of your screen.

    The default shell is typically pwsh, as shown on the right side of the terminal window.

    Screenshot of the Visual Studio Code terminal window, in which pwsh is shown as the shell option.

  2. Select the Launch Profile dropdown list, and then select Azure Cloud Shell (PowerShell).

    Screenshot of the Visual Studio Code terminal window. The terminal shell dropdown list and the Azure Cloud Shell (PowerShell) menu item are shown.

    A new shell opens.

Sign in to Azure by using Azure PowerShell

  1. In the Visual Studio Code terminal, run the following command to sign in to Azure:

    Connect-AzAccount

  2. In the browser that opens, sign in to your Azure account.

Create a resource group in Azure

To create a new resource group, run this Azure CLI command in the Visual Studio Code terminal:

az group create --name ToyWebsite --location westus3

To create a resource group, run this Azure PowerShell command in the Visual Studio Code terminal:

New-AzResourceGroup -Name ToyWebsite -Location westus3

Create a service connection in Azure Pipelines

Next, create a service connection in Azure Pipelines. This process automatically creates a service principal in Azure. It also grants the service principal the Contributor role on your resource group, which allows your pipeline to deploy to the resource group.

  1. In your browser, select Project settings.

    Screenshot of Azure DevOps that shows the menu, with the 'Project settings' item highlighted.

  2. Select Service connections > Create service connection.

    Screenshot of Azure DevOps that shows the 'Create service connection' page, with the 'Create service connection' button highlighted.

  3. Select Azure Resource Manager > Next.

    Screenshot of Azure DevOps that shows the 'Create service connection' page, with the Azure Resource Manager service connection type highlighted.

  4. Select Service principal (automatic) > Next.

    Screenshot of Azure DevOps that shows the 'Create service connection' page, with the Service principal (automatic) option highlighted.

  5. In the Subscription drop-down, select your Azure subscription.

    A popup window might appear, asking you to sign in to Azure. If it does, enter your credentials and sign in.

  6. In the Resource group drop-down, select ToyWebsite.

  7. In Service connection name, enter ToyWebsite. Ensure that the Grant access permission to all pipelines checkbox is selected.

    Screenshot of Azure DevOps that shows the 'Create service connection' page, with the details completed and the Next button highlighted.

    Tip

    For simplicity, you're giving every pipeline access to your service connection. When you create real service connections that work with production resources, consider restricting access to only the pipelines that need them.

  8. Select Save.

  9. In Service connections, verify that your new service connection is shown in the list of service connections.

    Screenshot of Azure DevOps that shows the list of service connections, with the ToyWebsite service connection included.