How to configure DevOps with Lighthouse (2/6)

Lighthouse

Modify ARM template- and parameter-file to have your spoke subscriptions connected to Lighthouse in your hub subscription.

Agenda:

1. Create and configure an Application Registration to gain access using a secret.
2. Create a template- and parameter-file for connecting other subscriptions to Lighthouse in the hub subscription.
3. Register the AppReg in all other tenants.
4. Create a custom role for the AppReg (or use builtin roles).
5. Deploy the Lighthouse Template- and Parameter-file.
6. Create the Service Connections in Azure DevOps.
7. Test DevOps with Lighthouse

Step 2. Create a template- and parameter-file for connecting other subscriptions to Lighthouse in the hub subscription.

  1. Copy this sample template and parameter code:

Lighthouse Template sample:

Lighthouse Parameter sample:

2. Modify the Parameter-file to your hub, app registration and roles:

manageByTenantID = TenantId
AppReg4
PrincipalID = Service Principal ID, copied to notepad from previous post (1/7). Can also be User Object ID, if your also giving named users access cross subscription.
AppReg3

roleDefintionId = Builtin or custom Role Object ID. (b24988ac-6180-42a0-ab88-20f7382dd24c = Subscription Contributor).
AppReg5

Leave a Comment