Edit

Share via


Quickstart: Connect Azure Container Apps to databases and services with Service Connector (preview)

Get started with Service Connector to connect your Azure Container Apps to databases, storage accounts, and other Azure services. Service Connector simplifies authentication and configuration, enabling you to connect to resources using managed identities or other authentication methods.

This article provides step-by-step instructions for both the Azure portal and Azure CLI. Choose your preferred method using the tabs above.

Prerequisites

  • This quickstart requires version 2.30.0 or higher of the Azure CLI. To upgrade to the latest version, run az upgrade. If using Azure Cloud Shell, the latest version is already installed.

Set up your environment

  1. If you're using Service Connector for the first time, start by running the command az provider register to register the Service Connector resource provider.

    az provider register -n Microsoft.ServiceLinker
    

    Tip

    You can check if the resource provider has already been registered by running the command az provider show -n "Microsoft.ServiceLinker" --query registrationState. If the output is Registered, then Service Connector has already been registered.

  2. Optionally, run the command az containerapp connection list-support-types to get a list of supported target services for Container Apps.

    az containerapp connection list-support-types --output table
    

Create a service connection (preview)

Use Service Connector to create a service connection between your Azure Container Apps and Azure Blob Storage. This example demonstrates connecting to Blob Storage, but you can use the same process for other supported Azure services.

  1. Select the Search resources, services and docs (G +/) search bar at the top of the Azure portal, type Container Apps in the filter and select Container Apps.

    Screenshot of the Azure portal, selecting Container Apps.

  2. Select the name of the Container Apps resource you want to connect to a target resource.

  3. Select Service Connector (preview) from the left table of contents. Then select Create.

    Screenshot of the Azure portal, selecting Service Connector and creating new connection.

  4. On the Basics tab, select or enter the following settings.

    Setting Example Description
    Container my-container-app The container in your container app.
    Service type Storage - Blob The type of service you want to connect to your container app.
    Subscription my-subscription The subscription that contains the service you want to connect to. The default value is the subscription that contains this container app.
    Connection name storageblob_700ae The connection name that identifies the connection between your container app and target service. Use the connection name provided by Service Connector or choose your own connection name.
    Storage account my-storage-account The target storage account you want to connect to. If you choose a different service type, select the corresponding target service instance.
    Client type .NET The application stack that works with the target service you selected. The default value is None, which generates a list of configurations. If you know the app stack or client SDK in your selected, select the same app stack for the client type.
  5. Select Next: Authentication to choose an authentication method: system-assigned managed identity (SMI), user-assigned managed identity (UMI), connection string, or service principal.

    Select System-assigned managed identity to connect through an identity that's automatically generated in Microsoft Entra ID and tied to the lifecycle of the service instance. This is the recommended authentication option.

  6. Select Next: Networking to select the network configuration and select Configure firewall rules to enable access to target service so that your container app can access the Blob Storage.

    Screenshot of the Azure portal, connection networking set-up.

  7. Select Next: Review + Create to review the provided information. Running the final validation takes a few seconds.

    Screenshot of the Azure portal, Container App connection validation.

  8. Select Create to create the service connection. The operation can take up to a minute to complete.

Run the az containerapp connection create command to create a service connection from Container Apps to a Blob Storage with a system-assigned managed identity. You can run this command in two different ways:

  • Generate the new connection step by step.

    az containerapp connection create storage-blob --system-identity
    
  • Generate the new connection at once. Replace the placeholders with your own information: <source-subscription>, <source_resource_group>, <app>, <target-subscription>, <target_resource_group>, and <account>.

    az containerapp connection create storage-blob \                         
       --source-id /subscriptions/<source-subscription>/resourceGroups/<source_resource_group>/providers/Microsoft.App/containerApps/<app> \
       --target-id /subscriptions/<target-subscription>/resourceGroups/<target_resource_group>/providers/Microsoft.Storage/storageAccounts/<account>/blobServices/default \
       --system-identity
    

Tip

If you don't have a Blob Storage account, run az containerapp connection create storage-blob --new --system-identity to create one and connect it to your container app using a managed identity.

View service connections

  1. Container Apps connections are displayed under Settings > Service Connector (preview). Select > to expand the list and see the properties required by your application.

  2. Select your connection and then Validate to prompt Service Connector to check your connection.

  3. Select Learn more to review the connection validation details.

    Screenshot of the Azure portal, get connection validation result.

Run the az containerapp connection list command to list all your container app's provisioned connections. Replace the placeholders <container-app-resource-group> and <container-app-name> from the command below with your own information. You can also remove the --output table option to view more information about your connections.

az containerapp connection list --resource-group "<container-app-resource-group>" --name "<container-app-name>" --output table

The output also displays the provisioning state of your connections.

Check the following guides for more information about Service Connector: