You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/service-connector/known-limitations.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,10 @@
1
1
---
2
2
title: Service Connector limitations
3
-
description: Learn about current limitations in Service Connector.
3
+
description: Learn about current limitations in Service Connector used to connect apps and Cloud services in Azure.
4
4
titleSuffix: Service Connector
5
5
ms.service: service-connector
6
6
ms.topic: troubleshooting
7
-
ms.date: 03/02/2023
7
+
ms.date: 10/22/2024
8
8
ms.author: malev
9
9
author: maud-lv
10
10
---
@@ -14,9 +14,9 @@ In this article, learn about Service Connector's existing limitations and how to
14
14
15
15
## Limitations to Infrastructure as Code (IaC)
16
16
17
-
Service Connector has been designed to bring the benefits of easy, secure, and consistent backing service connections to as many Azure services as possible. To do so, Service Connector has been developed as an extension resource provider.
17
+
Service Connector is designed to bring the benefits of easy, secure, and consistent backing service connections to as many Azure services as possible. To do so, Service Connector is developed as an extension resource provider.
18
18
19
-
Unfortunately, there are some limitations with IaC support as Service Connector modifies infrastructure on users' behalf. In this scenario, users would begin by using Azure Resource Manager (ARM), Bicep, Terraform, or other IaC templates to create resources. Afterwards, they would use Service Connector to set up resource connections. During this step, Service Connector modifies resource configurations on behalf of the user. If the user reruns their IaC template at a later time, modifications made by Service Connector would disappear as they were not reflected in the original IaC templates. An example of this behavior is Azure Container Apps deployed with ARM templates usually have Managed Identity (MI) disabled by default, Service Connector enables MI when setting up connections on users' behalf. If users trigger the same ARM templates without updating MI settings, the redeployed container apps will have MI disabled again.
19
+
IaC support comes with some limitations, as Service Connector modifies the infrastructure on the users' behalf. In this scenario, users begin by using Azure Resource Manager (ARM), Bicep, Terraform, or other IaC templates to create resources. Afterwards, they use Service Connector to set up resource connections. During this step, Service Connector modifies resource configurations on behalf of the user. If the user reruns their IaC template at a later time, modifications made by Service Connector disappear as they weren't reflected in the original IaC templates. As an example of this behavior, Azure Container Apps resources deployed with ARM templates usually have the managed identity authentication disabled by default. Service Connector enables the managed identity when setting up connections on the users' behalf. If users trigger the same ARM templates without updating the managed identity settings, the managed identity will be disabled once again in the redeployed Azure Container Apps resource.
20
20
21
21
If you run into any issues when using Service Connector, [file an issue with us](https://github.com/Azure/ServiceConnector/issues/new).
22
22
@@ -25,9 +25,9 @@ If you run into any issues when using Service Connector, [file an issue with us]
25
25
We suggest the following solutions:
26
26
27
27
- Reference [how to build connections with IaC tools](how-to-build-connections-with-iac-tools.md) to build your infrastructure or translate your existing infrastructure to IaC templates.
28
-
- If your CI/CD pipelines contain templates of source compute or backing services, suggested flow is: reapplying the templates, adding sanity check or smoke tests to make sure the application is up and running, then allowing live traffic to the application. The flow adds a verification step before allowing live traffic.
28
+
- If your CI/CD pipelines contain templates of source compute or backing services, we suggested reapplying the templates, adding a sanity check or smoke tests to make sure the application is up and running, then allowing live traffic to the application. The flow adds a verification step before allowing live traffic.
29
29
- When automating Azure Container App code deployments with Service Connector, we recommend the use of [multiple revision mode](../container-apps/revisions.md#revision-modes) to avoid routing traffic to a temporarily nonfunctional app before Service connector can reapply connections.
30
-
- The order in which automation operations are performed matters greatly. Ensure your connection endpoints are there before the connection itself is created. Ideally, create the backing service, then the compute service, and then the connection between the two. This way, Service Connector can configure both the compute service and the backing service appropriately.
30
+
- The order in which automation operations are performed matters. Ensure your connection endpoints are there before the connection itself is created. Ideally, create the backing service, then the compute service, and then the connection between the two. This way, Service Connector can configure both the compute service and the backing service appropriately.
Copy file name to clipboardExpand all lines: articles/service-connector/quickstart-portal-app-service-connection.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,11 +1,11 @@
1
1
---
2
-
title: Quickstart - Create a service connection in App Service from the Azure portal
2
+
title: 'Quickstart: Create a service connection in App Service'
3
3
description: Quickstart showing how to create a service connection in App Service from the Azure portal
4
4
author: maud-lv
5
5
ms.author: malev
6
6
ms.service: service-connector
7
7
ms.topic: quickstart
8
-
ms.date: 10/05/2023
8
+
ms.date: 10/22/2024
9
9
#Customer intent: As an app developer, I want to connect several services together so that I can ensure I have the right connectivity to access my Azure resources.
10
10
---
11
11
@@ -45,7 +45,7 @@ Sign in to the Azure portal at [https://portal.azure.com/](https://portal.azure.
45
45
46
46
1. Select **Next: Authentication** to choose an authentication method.
System-assigned managed identity is the recommended authentication option. Select **System-assigned managed identity** to connect through an identity that's generated in Microsoft Entra ID and tied to the lifecycle of the service instance.
System-assigned managed identity is the recommended authentication option. Select **System-assigned managed identity** to connect through an identity that's automatically generated in Microsoft Entra ID and tied to the lifecycle of the service instance.
63
63
64
-
### [UMI](#tab/UMI)
64
+
### [User-assigned managed identity](#tab/UMI)
65
65
66
66
Select **User-assigned managed identity** to authenticate through a standalone identity assigned to one or more instances of an Azure service. Select a subscription that contains a user-assigned managed identity, and select the identity.
@@ -66,7 +66,7 @@ Then you can check the log or call the application to see if it can connect to t
66
66
67
67
#### Permission
68
68
69
-
If you encounter any permission-related errors, confirm the Azure CLI signed-in user with the command `az account show`. Make sure you log in with the correct account. Next, confirm that you have the following permissions that might be required to create a passwordless connection with Service Connector.
69
+
If you encounter any permission-related errors, confirm the Azure CLI signed-in user with the command `az account show`. Make sure you sign in with the correct account. Next, confirm that you have the following permissions that might be required to create a passwordless connection with Service Connector.
Copy file name to clipboardExpand all lines: articles/service-connector/tutorial-portal-key-vault.md
+11-10Lines changed: 11 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,16 +1,17 @@
1
1
---
2
-
title: Tutorial - Connect Azure services and store secrets in Key Vault
3
-
description: Tutorial showing how to store your web app's secrets in Azure Key Vault using Service Connector
2
+
title: 'Tutorial: Connect Azure services and store secrets in Key Vault'
3
+
description: Tutorial showing how to store your web application's secrets in Azure Key Vault using Service Connector.
4
4
author: maud-lv
5
5
ms.author: malev
6
6
ms.service: service-connector
7
7
ms.topic: tutorial
8
-
ms.date: 10/31/2023
8
+
ms.date: 10/22/2024
9
+
#customer intent: As a web developer, I want store my app's secrets in Azure Key Vault so they can be managed and protected by Azure's security features.
9
10
---
10
11
11
12
# Quickstart: Connect Azure services and store secrets in Azure Key Vault
12
13
13
-
Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. When you create a service connection, you can securely store access keys and secrets into connected Key Vault. In this tutorial, you'll complete the following tasks using the Azure portal. Both methods are explained in the following procedures.
14
+
Azure Key Vault is a cloud service that provides a secure store for secrets. You can securely store keys, passwords, certificates, and other secrets. When you create a service connection, you can securely store access keys and secrets into connected Key Vault. In this tutorial, you complete the following tasks using the Azure portal. Both methods are explained in the following procedures.
14
15
15
16
> [!div class="checklist"]
16
17
> * Create a service connection to Azure Key Vault in Azure App Service
@@ -25,8 +26,8 @@ To create a service connection and store secrets in Key Vault with Service Conne
25
26
* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free).
26
27
* An app hosted on App Service. If you don't have one yet, [create and deploy an app to App Service](../app-service/quickstart-dotnetcore.md)
27
28
* An Azure Key Vault. If you don't have one, [create an Azure Key Vault](/azure/key-vault/general/quick-create-portal)
28
-
* Another target service instance supported by Service Connector. In this tutorial, you'll use [Azure Blob Storage](../storage/blobs/storage-quickstart-blobs-portal.md)
29
-
* Read and write access to the App Service, Key Vault and the target service.
29
+
* Another target service instance supported by Service Connector. In this tutorial, you use [Azure Blob Storage](../storage/blobs/storage-quickstart-blobs-portal.md)
30
+
* Read and write access to the App Service, Key Vault, and the target service.
30
31
31
32
## Create a Key Vault connection in App Service
32
33
@@ -52,7 +53,7 @@ To store your connection access keys and secrets into a key vault, start by conn
52
53
53
54
## Create a Blob Storage connection in App Service and store access keys into Key Vault
54
55
55
-
Now you can create a service connection to another target service and directly store access keys into a connected Key Vault when using a connection string/access key or a Service Principal for authentication. We'll use Blob Storage as an example below. Follow the same process for other target services.
56
+
Now you can create a service connection to another target service and directly store access keys into a connected Key Vault when using a connection string/access key or a service principal for authentication. We use Blob Storage as an example below. Follow the same process for other target services.
56
57
57
58
1. In the Azure portal, type **App Service** in the search menu and select the name of the App Service you want to use from the list.
58
59
1. Select **Service Connector** from the left table of contents. Then select **Create**.
@@ -83,11 +84,11 @@ Now you can create a service connection to another target service and directly s
83
84
84
85
### [Service principal](#tab/serviceprincipal)
85
86
86
-
Select **Next: Authentication** to select the authentication type and select **Service Principal** to use Service Principal to connect your storage account.
87
+
Select **Next: Authentication** to select the authentication type and select **Service Principal** to use a service principal to connect your storage account.
|**Service Principal object ID or name**| Choose the Service Principal you want to use to connect to Blob Storage from the list | The Service Principal in your subscription that is used to connect to target service. |
91
+
|**Service Principal object ID or name**| Choose the service principal you want to use to connect to Blob Storage from the list | The service principal in your subscription that is used to connect to target service. |
91
92
|**Store Secret to Key Vault**| Check | This option lets Service Connector store the service principal ID and secret into Key Vault. |
92
93
|**Key Vault connection**| One of your key vault connections | Select the Key Vault in which you want to store your service principal ID and secret. |
93
94
@@ -103,7 +104,7 @@ Now you can create a service connection to another target service and directly s
103
104
104
105
1. Expand the Blob Storage connection, select **Hidden value. Click to show value**. You can see that the value is a Key Vault reference.
105
106
106
-
1. Select the **Key Vault** in the Service Type column of your Key Vault connection. You will be redirected to the Key Vault portal page.
107
+
1. Select the **Key Vault** in the Service Type column of your Key Vault connection. You'll be redirected to the Key Vault portal page.
107
108
108
109
1. Select **Secrets** in the Key Vault left ToC, and select the blob storage secret name.
Copy file name to clipboardExpand all lines: articles/service-connector/tutorial-python-functions-storage-blob-as-input.md
+4-3Lines changed: 4 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,16 +1,17 @@
1
1
---
2
2
title: 'Tutorial: Python function with Azure Blob Storage as input'
3
-
description: Learn how you can connect a Python function to a storage blob as input using Service Connector
3
+
description: Learn how you can connect a Python function to a storage blob as input using Service Connector in Azure.
4
4
author: houk-ms
5
5
ms.author: honc
6
6
ms.service: service-connector
7
7
ms.custom: devx-track-python
8
8
ms.topic: tutorial
9
-
ms.date: 10/25/2023
9
+
ms.date: 10/22/2024
10
+
#customer intent: As a developer, I want to configure a Python function with Storage Blob as input function binding so that I can process and manage large volumes of data stored in Azure Blob Storage.
10
11
---
11
12
# Tutorial: Python function with Azure Blob Storage as input
12
13
13
-
In this tutorial, you learn how to configure a Python function with Storage Blob as input by completing the following tasks:
14
+
In this tutorial, you learn how to configure a Python function with Azure Blob storage as input by completing the following tasks:
14
15
15
16
> [!div class="checklist"]
16
17
> * Use Visual Studio Code to create a Python function project.
0 commit comments