When deploying resources in Azure using Bicep, occasionally you will have to assign rights to a user or principal to perform certain actions. For example, authorizing an app service to access a storage account. Initially you would create something like this: // Assume we have an app service with a System Assigned managed service identity var principalId = appService.identity.principalId; resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = { name: 'some-existing-storage-account' } resource roleAuthorization 'Microsoft. …

As a side project, I am working on a web application that I want to host in Azure eventually. There is a ton of documentation available around Azure but instructions vary by product. I have documented the steps I needed to run a web application in Azure. To make it easier to automate the deployment steps I am avoiding the Azure portal. I want to script these steps later so that I can automate my deployments. …

When trying to deploy a simple web application and Azure SQL database through Azure DevOps pipelines, I wanted to use a system managed application identity to authorize the web application to access the database. This requires running something like the following SQL script on the Azure SQL database. CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER; ALTER ROLE db_datareader ADD MEMBER [<identity-name>]; ALTER ROLE db_datawriter ADD MEMBER [<identity-name>]; ALTER ROLE db_ddladmin ADD MEMBER [<identity-name>]; I was having a lot of trouble getting the Azure SqlCmd task to work, while the error(s) it was showing was not helpful at all. …