Quickstart: Create a service connection in Azure Spring Apps with the Azure CLI
Article
This quickstart shows you how to connect Azure Spring Apps to other Cloud resources using the Azure CLI and Service Connector.
Service Connector lets you quickly connect compute services to cloud services, while managing your connection's authentication and networking settings.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Version 2.37.0 or higher of the Azure CLI. To upgrade to the latest version, run az upgrade. If using Azure Cloud Shell, the latest version is already installed.
The Azure Spring Apps extension must be installed in the Azure CLI or the Cloud Shell. To install it, run az extension add --name spring.
Initial setup
If you're using Service Connector for the first time, start by running the command az provider register to register the Service Connector resource provider.
Azure CLI
az provider register -n Microsoft.ServiceLinker
Tip
You can check if the resource provider has already been registered by running the command az provider show -n "Microsoft.ServiceLinker" --query registrationState. If the output is Registered, then Service Connector has already been registered.
az spring connection list-support-types --output table
Tip
If the az spring command isn't recognized by the system, check that you have installed the required extension by running az extension add --name spring.
Create a service connection
Create a connection from Azure Spring Apps using a managed identity or an access key.
To use a managed identity, you must have the permission to modify role assignments in Microsoft Entra ID. Ask your subscription owner to grant you a role assignment permission or use an access key to create the connection.
Run the az spring connection create command to connect application deployed to Azure Spring Apps to a Blob Storage resource, using a system-assigned managed identity.
Provide the following information at the CLI or Cloud Shell's request:
Azure CLI
az spring connection create storage-blob --system-identity
Setting
Description
The resource group which contains the spring-cloud
The name of the resource group that contains an app hosted by Azure Spring Apps.
Name of the spring-cloud service
The name of the Azure Spring Apps resource.
Name of the spring-cloud app
The name of the application hosted by Azure Spring Apps that connects to the target service.
The resource group which contains the storage account
The name of the resource group with the storage account.
Name of the storage account
The name of the storage account you want to connect to. In this guide, we're using a Blob Storage.
Tip
If you don't have a Blob Storage, you can run az spring connection create storage-blob --new --system-identity to provision a new Blob Storage and directly connect it to your application hosted by Azure Spring Apps using a managed identity.
Warning
Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
Run the az spring connection create command to create a service connection between Azure Spring Apps and an Azure Blob Storage using an access key.
Azure CLI
az spring connection create storage-blob --secret
Provide the following information at the CLI or Cloud Shell's request:
Setting
Description
The resource group which contains the spring-cloud
The name of the resource group that contains app hosted by Azure Spring Apps.
Name of the spring-cloud service
The name of the Azure Spring Apps resource.
Name of the spring-cloud app
The name of the application hosted by Azure Spring Apps that connects to the target service.
The resource group which contains the storage account
The name of the resource group with the storage account.
Name of the storage account
The name of the storage account you want to connect to. In this guide, we're using a Blob Storage.
Tip
If you don't have a Blob Storage, you can run az spring connection create storage-blob --new --secret to provision a new Blob Storage and directly connect it to your application hosted by Azure Spring Apps using a connection string.
View connections
Run az spring connection list command to list all of your Azure Spring Apps' provisioned connections.
Replace the placeholders <azure-spring-apps-resource-group>, <azure-spring-apps-name>, and <app-name> from the command below with the name of your Azure Spring Apps resource group, the name of your Azure Spring Apps resource, and the name of your application. You can also remove the --output table option to view more information about your connections.
Azure CLI
az spring connection list --resource-group<azure-spring-apps-resource-group>--service<azure-spring-apps-name>--app<app-name>--output table
The output also displays the provisioning state of your connections: failed or succeeded.
Next steps
Check the guides below for more information about Service Connector and Azure Spring Apps.
Build end-to-end solutions in Microsoft Azure to create Azure Functions, implement and manage web apps, develop solutions utilizing Azure storage, and more.