Quickstart: Deploy service catalog managed application from Azure portal
In the quickstart article to publish the definition, you published an Azure managed application definition. In this quickstart, you use that definition to deploy a service catalog managed application. The deployment creates two resource groups. One resource group contains the managed application and the other is a managed resource group for the deployed resource. In this article, the managed application definition deploys a managed storage account.
Prerequisites
To complete this quickstart, you need an Azure account with an active subscription. If you completed the quickstart to publish a definition, you should already have an account. Otherwise, create a free account before you begin.
Create service catalog managed application
In the Azure portal, use the following steps:
Sign in to the Azure portal.
Select Create a resource.
Search for Service Catalog Managed Application and select it from the available options.
Service Catalog Managed Application is displayed. Select Create.
The portal shows the managed application definitions that you can access. From the available definitions, select the one you want to deploy. In this quickstart, use the Managed Storage Account definition that you created in the preceding quickstart. Select Create.
Provide values for the Basics tab and select Next: Storage settings.
- Subscription: Select the subscription where you want to deploy the managed application.
- Resource group: Select the resource group. For this example, create a resource group named applicationGroup.
- Region: Select the location where you want to deploy the resource.
- Application Name: Enter a name for your application. For this example, use demoManagedApplication.
- Managed Resource Group: Uses a default name in the format
mrg-{definitionName}-{dateTime}
like the example mrg-ManagedStorage-20220817085240. You can change the name.
Enter a prefix for the storage account name and select the storage account type. Select Next: Review + create.
- Storage account name prefix: Use only lowercase letters and numbers and a maximum of 11 characters. During deployment, the prefix is concatenated with a unique string to create the storage account name.
- Storage account type: Select Change type to choose a storage account type. The default is Standard LRS.
Review the summary of the values you selected and verify Validation Passed is displayed. Select Create to begin the deployment.
View results
After the service catalog managed application is deployed, you have two new resource groups. One resource group contains the managed application. The other resource group contains the managed resource that was deployed. In this example, a managed storage account.
Managed application
Go to the resource group named applicationGroup. The resource group contains your managed application named demoManagedApplication.
Managed resource
Go to the managed resource group with the name prefix mrg-ManagedStorage to see the resource that was deployed. The resource group contains the managed storage account that uses the prefix you specified. In this example, the storage account prefix is demoappstg.
The storage account that's created by the managed application has a role assignment. In the publish the definition article, you created an Azure Active Directory group. That group was used in the managed application definition. When you deployed the managed application, a role assignment for that group was added to the managed storage account.
To see the role assignment from the Azure portal:
Go to the mrg-ManagedStorage resource group.
Select Access Control (IAM) > Role assignments.
You can also view the resource's Deny assignments.
The role assignment gives the application's publisher access to manage the storage account. In this example, the publisher might be your IT department. The Deny assignments prevents customers from making changes to a managed resource's configuration. Managed apps are designed so that customers don't need to maintain the resources. The Deny assignment excludes the Azure Active Directory group that was assigned in Role assignments.
Clean up resources
When your finished with the managed application, you can delete the resource groups and that will remove all the resources you created. For example, in this quickstart you created the resource groups applicationGroup and a managed resource group with the prefix mrg-ManagedStorage.
- From Azure portal Home, in the search field, enter resource groups.
- Select Resource groups.
- Select applicationGroup and Delete resource group.
- To confirm the deletion, enter the resource group name and select Delete.
When the resource group that contains the managed application is deleted, the managed resource group is also deleted. In this example, when applicationGroup is deleted the mrg-ManagedStorage resource group is also deleted.
If you want to delete the managed application definition, you can delete the resource groups you created in the quickstart to publish the definition.
Next steps
- To learn how to create the definition files for a managed application, see Quickstart: Create and publish an Azure Managed Application definition.
- For Azure CLI, see Deploy managed application with Azure CLI.
- For PowerShell, see Deploy managed application with PowerShell.
Feedback
Submit and view feedback for