Overview
Service connections give Cloud Maker a secure way to connect to Microsoft Azure so that it can deploy your solution to Azure.
If you would prefer to use Azure DevOps to deploy your solution, head over to the Azure DevOps Integration article which walks you through how to set this up.
Azure App Registration
Cloud Maker uses an Azure App Registration to connect with Azure.
Once we have completed the app registration process you can use Identity Access Management to control what Cloud Maker can and can't access.
Create the Cloud Maker app registration as follows:
Log in to the Azure portal (https://portal.azure.com)
Navigate to 'Azure Active Directory'
Select 'App registrations' from the left side menu
Click the '+ New registration' button
Enter a friendly name for your app registration, for instance 'Cloud Maker'
Select the scope of who can use the app registration. Keeping the default of 'Accounts in this organisational directory only' is fine
Click the 'Register' button
Once created, select 'Certificates & secrets' from the left side menu
Under 'Client secrets' click '+ New client secret'
Enter a description for the client secret, such as 'Cloud Maker app registration'
Select the desired expiry length
Click 'Add'
Make sure to copy the secret as this will be needed later when configuring the service connection in Cloud Maker. This secret cannot be retrieved and a new one must be created if it's lost.
Navigate back to 'Home' on the Azure portal
Identity Access Management
In order to grant Cloud Maker access to deploy resources to Azure subscriptions, you will need to provide the Cloud Maker app registration with the desired level of access to those subscriptions.
To apply permissions at the Azure subscription level using Identity Access Management, follow these steps for each subscription:
From the Azure portal Home, select the Azure subscription you want to add the Cloud Maker app registration permissions to.
On the left side menu select 'Access Control (IAM)'.
Under 'Add a role assignment' click the 'Add' button.
On the 'Add role assignment' blade, select the role you wish to apply to the Cloud Maker app registration, for example 'Contributor'. NB: This role will need to have sufficient permissions to provision Azure resources to the selected Azure subscription.
In the 'Select' search box, type the friendly name of your Cloud Maker app registration. For example 'Cloud Maker'.
Select the Cloud Maker app registration.
Click 'Save' to add the Cloud Maker app registration to the desired role.
Pro Tip: You can also apply app registration permissions at the Management Group level to control access to multiple subscriptions rather than applying it individually to each subscription.
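To review the two settings chosen above (the client secret's expiry length and the role and scope granted to the app registration), the following added example, which is not Cloud Maker or Microsoft code, audits JSON shaped like the output of `az ad app credential list` and `az role assignment list`. The sample records, the 180-day and 30-day thresholds and the list of roles treated as broad are assumptions made for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample data (not from a real tenant), shaped like the JSON printed by
# `az ad app credential list` and `az role assignment list`.
SECRETS_JSON = """[{"keyId": "00000000-0000-0000-0000-000000000001",
  "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2026-01-10T09:00:00Z"}]"""
ASSIGNMENTS_JSON = """[
 {"roleDefinitionName": "Contributor", "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
 {"roleDefinitionName": "Owner", "scope": "/providers/Microsoft.Management/managementGroups/example-mg"},
 {"roleDefinitionName": "Reader",
  "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/example-rg"}]"""

MAX_LIFETIME_DAYS = 180  # assumed policy: longest acceptable secret lifetime
WARN_BEFORE_DAYS = 30    # assumed policy: warn this long before expiry
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}  # assumed review list

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2026-01-10T09:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def scope_level(scope):
    """Classify an Azure scope string by how much of the estate it covers."""
    parts = [p for p in scope.lower().split("/") if p]
    if parts[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management-group"
    if parts[:1] == ["subscriptions"] and len(parts) == 2:
        return "subscription"
    if parts[:1] == ["subscriptions"] and len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    return "resource-or-other"

def audit(secrets, assignments, now):
    """Return (finding, detail) tuples for secrets and role assignments to review."""
    findings = []
    for s in secrets:
        start, end = parse_ts(s["startDateTime"]), parse_ts(s["endDateTime"])
        if end <= now:
            findings.append(("secret-expired", s["keyId"]))
        elif (end - now).days <= WARN_BEFORE_DAYS:
            findings.append(("secret-expiring", s["keyId"]))
        if (end - start).days > MAX_LIFETIME_DAYS:
            findings.append(("secret-long-lived", s["keyId"]))
    for a in assignments:
        level = scope_level(a["scope"])
        if a["roleDefinitionName"] in BROAD_ROLES and level in ("management-group", "subscription"):
            findings.append(("broad-role", f'{a["roleDefinitionName"]}@{level}'))
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(SECRETS_JSON), json.loads(ASSIGNMENTS_JSON), datetime.now(timezone.utc)):
        print(*finding)
```

An expired secret stops the service connection from authenticating, so the expiry findings are worth checking before a deployment window.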
Create a Cloud Maker Service Connection
Finally, we need to create a service connection in Cloud Maker. To do this, follow these steps:
Select the Cloud Maker organisation you wish to create a service connection for.
Navigate to 'Blueprints' and select 'Manage Organisation'.
Under 'Service Connections' click the 'Add new service connection' button.
In the new service connection window enter a name for your service connection.
Under 'Target' select 'Azure' (this should be pre-selected by default).
Enter your Azure Tenant ID (found on the app registration info in the Azure portal).
Enter your App ID (found on the app registration info in the Azure portal).
Paste the App Secret you copied earlier.
Click the 'Save' button to create the service connection.
Using your Service Connection
You can now use your service connection with 'Direct Deployments' in Cloud Maker solutions. Find out more about solutions here.
You can also model multiple subscriptions in your Cloud Maker blueprints. You can read more about subscriptions here.