Best practices for using Azure CLI in a Azure VM via Jenkins
I am pretty new with Azure. I have a Jenkins Cluster. Jobs are launched in slaves. Slaves are Azure VM (Ubuntu).
I need to run some Azure CLI commands for deploying files to an Azure Storage Blob.
I think I need to have an identity (user?) allowed to use Azure CLI inside the VM.
Maybe can I create a specific user for Jenkins only? Is a Managed Identity could use Azure CLI as well?
I wonder what is the best way accomplishing this. Thanks.
I have tested in my environment.
Please create a Service Principal either using the Portal or Azure CLI.
To create the service principal using CLI, please use below command :
az ad sp create-for-rbac --name ServicePrincipalName
Please refer for more details : https://learn.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli
To create service principal using Portal,
Go to Azure Active Directory --> App Registrations --> New Registration --> Complete the form --> Register
Go to your Storage Account --> Select Access Control (IAM)--> Add Role Assignment --> Under Role, select Storage Account Contributor --> Under Select, search for your Service Principal --> Click on Save
Now, the service principal will have Storage Account contributor access. You can deploy the files to Azure Storage using CLI.
Go to Azure Active Directory --> App Registrations --> Search for your Service Principal and click on it.
Please note the Application ID, Tenant ID.
Go to Clients & secrets --> Click on New Client Secret --> Fill the form and click Ok.
Note the Client Secret.
Inside the VM, please use below command to login to Azure using your Service Principal
az login --service-principal -u <app-id> -p <client-secret> --tenant <tenant-id>
Now you can deploy the files to the Azure Storage account from the VM using CLI.
To upload a file to your Storage Account, please use below CLI command :
az storage blob upload --account-name StorageAccountName --container-name ContainerName --name fileName --file sourceFileName
- How can I define compile time constants in bicep configuration language?
- Outlook calendar don't render with FullCalendar
- Azure functions decoding error for IotHub device connection state message schema
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- How to mount multiple disks in a loop using ansible
- How can I get sub value in nested json via KQL?
- Azure .NET SDK: Scale Azure SQL databases through SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to transfer "Set Variable" activity output into Json file using "Copy Data" activity or any other options?
- Verify Microsoft Access token on my ASP.NET Core Web API
- I'm trying to install the package from a private Azure DevOps repository using the pip install command, but I'm encountering an error
- Unable to define the sites for an App Registration for SahrePoint with Site.Selected
- Check if the resource exists before using data
- Not able to see azure 'LifecyclePolicyCompleted event' log
- Direct Web Push gives Error when used from Notification Hub
- Azure Remove User Consent to API
- Flutter-Azure Deviops pipelineThe discrepancy between the number of tests reported as passed or failed in the pipeline output and the test report
- App_location on deployment of a static webapp
- MSINotEnabled - Can't use KeyVault Reference in Azure Function
- Reading values from a key value based file and passing these values to azure devops template
- Deleting an Azure Loadbalancer Frontend IP configuration from python?
- How to retrieve the front door id from a Microsoft CDN (classic)
- What is HEAD operation in CosmosDB reported in Azure Monitoring
- Deploying a Python App to Azure App Service with Github Actions
- How to Query User Access Logs for Azure Front Door
- How can I add email recipients to a Graph API request programmatically?
- How to create Azure Devops Service Connection Docker Registry Type Other
- Problem with CORS policy in React front end with FastAPI on the back trying to use Microsoft Single Sign-on
- Azure Document Intelligence Custom Classification Python API
- Azure Function App unaccounted for time in Application Insights Timeline