Connecting Azure DevOps to Azure with Federated Accounts using Managed Identity

Introduction

In today's cloud-centric world, securely managing identities and access control is crucial. Azure DevOps is a powerful tool for automating deployment pipelines, but managing its credentials securely can be challenging. One way to improve security and simplify management is to use a Managed Identity for Azure resources. This blog will guide you through setting up a federated credential that connects Azure DevOps to Azure through a Service Connection backed by a Managed Identity.

What is Managed Identity?

Managed Identity is a feature of Azure Active Directory (Azure AD) that gives Azure services an automatically managed identity. That identity can authenticate to any service that supports Azure AD authentication, so there is no need to manage credentials yourself.

Why Use Managed Identity with Azure DevOps?

Security: Eliminates the need to store secrets in Azure DevOps, reducing the risk of credential leakage.

Simplification: Managed identities are automatically managed, so there's no need to rotate or manage keys.

Scalability: Easily manage access across multiple environments and projects without hardcoding credentials.

Step 1: Create a Managed Identity in Azure

Assign a Managed Identity to your Azure resource:

Navigate to the Azure portal: https://portal.azure.com

Go to the resource for which you want to enable a Managed Identity.

Click Create New.

Select the Resource Group, assign a name, then Review and Create.

Open the Managed Identity, click Access Control, then Add, and assign a role.

Review and Create.

Review the access; we have assigned the Managed Identity the Owner role.

Step 2: Create a Service Connection in Azure DevOps

Log in to Azure DevOps and go to your project to create the Service Connection.

Click Project Settings and select Service Connections.

Click New Service Connection.

Give the connection a name and description.

Click Next, collect the Issuer and Subject Identifier, and keep them in Notepad.

Provide the subscription details for the Managed Identity you created.

Step 3: Configure the Federated Credential

Log back in to the Azure portal and select App Registrations.

Create a new app registration and register it.

Select Certificates & Secrets, then Federated Credentials.

Select Add Credential.

Provide the Issuer and Subject Identifier you collected from the Azure DevOps Service Connection.

Select the Managed Identity you created, select Federated Credentials, and click Add Credential.

Select "Other" as the federated scenario, provide the Issuer and Subject Identifier, and in Credential Details use the same name as the federated credential created in the app registration.

Go back to the Azure DevOps Service Connection and click Verify and Save.

If the configuration is correct, the connection will be saved.
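The same setup done from the Azure CLI instead of the portal, as an added example that is not part of the original post. RG, MI_NAME, ADO_ISSUER and ADO_SUBJECT are placeholders (the issuer and subject are the values collected from the Service Connection in Step 2); the script assumes the resource group already exists and that az login has been run. It checks the claims before binding them, and scopes the role to one resource group instead of Owner.

```shell
#!/bin/sh
# Added example (not from the original post): the Azure CLI equivalent of the portal steps.
# Assumptions: the resource group in RG already exists, `az login` has been run, and
# ADO_ISSUER / ADO_SUBJECT are the values collected from the service connection (placeholders here).
set -eu

RG="${RG:-identity-rg}"
LOCATION="${LOCATION:-eastus}"
MI_NAME="${MI_NAME:-devops-connection-mi}"
ADO_ISSUER="${ADO_ISSUER:-https://vstoken.dev.azure.com/ORG-ID-PLACEHOLDER}"
ADO_SUBJECT="${ADO_SUBJECT:-sc://ORG-PLACEHOLDER/PROJECT-PLACEHOLDER/devops-connection}"
AUDIENCE="api://AzureADTokenExchange"   # the audience Entra ID expects for workload identity federation

# Check the issuer/subject before binding them to the identity: the subject must name exactly
# one service connection (sc://<org>/<project>/<name>, no wildcards) and the issuer must be
# the Azure DevOps token service. Returns 0 if both look right, 1 otherwise.
validate_federation_claims() {
  issuer="$1"; subject="$2"
  case "$issuer" in
    https://vstoken.dev.azure.com/?*) ;;
    *) echo "issuer must be https://vstoken.dev.azure.com/<org-id>" >&2; return 1 ;;
  esac
  case "$subject" in
    *'*'*) echo "wildcards are not accepted in a federated credential subject" >&2; return 1 ;;
    sc://?*/?*/?*) ;;
    *) echo "subject must be sc://<org>/<project>/<service-connection>" >&2; return 1 ;;
  esac
}

# Step 1 equivalent: user-assigned managed identity plus a role assignment. The post uses Owner;
# Contributor scoped to one resource group is shown here as the narrower choice.
create_identity() {
  az identity create --name "$MI_NAME" --resource-group "$RG" --location "$LOCATION" -o none
  principal_id=$(az identity show --name "$MI_NAME" --resource-group "$RG" --query principalId -o tsv)
  scope=$(az group show --name "$RG" --query id -o tsv)
  az role assignment create --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal --role Contributor --scope "$scope" -o none
}

# Federated credential on the managed identity, matching the service connection exactly.
add_federated_credential() {
  validate_federation_claims "$ADO_ISSUER" "$ADO_SUBJECT"
  az identity federated-credential create --name ado-devops-connection \
    --identity-name "$MI_NAME" --resource-group "$RG" \
    --issuer "$ADO_ISSUER" --subject "$ADO_SUBJECT" --audiences "$AUDIENCE" -o none
}

if [ "${1:-}" = "apply" ]; then create_identity; add_federated_credential; fi
```

Run it as `sh setup.sh apply` to make the changes; without the argument it only defines the functions.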

Step 4: Verify the connection with a pipeline

To verify the connection, let's create an Azure pipeline in the project:

trigger:
- main

pool:
  name: acloudguru

steps:
- task: AzureCLI@2
  displayName: 'devops-connection'
  inputs:
    azureSubscription: 'devops-connection'  # name of the service connection created above
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # the task has already logged az in as the Managed Identity; no secrets are stored in the pipeline
      echo "Creating resource group......."
      az group create --name myResourceGroup --location eastus

Run the pipeline to deploy resources securely using the Managed Identity.

Conclusion

Using Managed Identity to connect Azure DevOps to Azure resources provides a secure, scalable, and easy-to-manage way of handling authentication. This approach eliminates the need to store and manage secrets, which improves security and simplifies operations. By leveraging federated identity credentials, you can further streamline and secure your CI/CD pipelines and make your deployments more robust.