How to configure DevOps with Lighthouse (4/6)

Lighthouse

Register the previously created Application Registration in your spoke tenants.

Agenda:

1. Create and configure an Application Registration to gain access using a secret.
2. Create a template- and parameter-file for connecting other subscriptions to Lighthouse in the hub subscription.
3. Register the AppReg in all other tenants.
4. Create a custom role for the AppReg (or use builtin roles).
5. Deploy the Lighthouse Template- and Parameter-file.
6. Create the Service Connections in Azure DevOps.
7. Test DevOps with Lighthouse.

Step 4 Create a custom role for the AppReg (or use builtin roles).

1. Modify this InputFile to define the role and the access that you, as owner of the spoke subscription, would like to give the Service Principal and Users in Lighthouse.

This would give the Service Principal and Users access to manage resources and deployments in the specified Resource Group within that subscription.

In my case I was only going to create the hub-spoke network, so to reduce risk, one can only deploy to this specific Resource Group, which should host the networking resources.

2. Run the New-AzureRmRoleDefinition cmdlet to create a role based on this InputFile.
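The two steps above as an added example; this is not the author's InputFile, which is not reproduced on this page. The subscription ID, Resource Group name, role name, file name and action list are assumptions to replace with your own values, and the script checks that the role stays scoped to a single Resource Group before creating it.

```powershell
# Added example with placeholder values; replace them before use.
$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder spoke subscription ID
$resourceGroup  = 'rg-network'                             # hypothetical Resource Group name

# Role definition limited to networking resources and deployments (assumed action list).
$role = [ordered]@{
    Name             = 'Lighthouse Network Deployer'       # hypothetical role name
    IsCustom         = $true
    Description      = 'Deploy and manage networking resources in one Resource Group.'
    Actions          = @(
        'Microsoft.Network/*',
        'Microsoft.Resources/deployments/*',
        'Microsoft.Resources/subscriptions/resourceGroups/read'
    )
    NotActions       = @()
    AssignableScopes = @("/subscriptions/$subscriptionId/resourceGroups/$resourceGroup")
}

# Guard rails: refuse subscription-wide scopes and the catch-all action,
# so the role cannot be used outside the networking Resource Group.
$rgScope = '^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+$'
foreach ($scope in $role.AssignableScopes) {
    if ($scope -notmatch $rgScope) {
        throw "Scope '$scope' is not limited to a single Resource Group."
    }
}
if ($role.Actions -contains '*') {
    throw "Wildcard action '*' grants full management rights; list the needed actions instead."
}

# Write the InputFile that the cmdlet reads.
$inputFile = Join-Path $PWD 'customrole.json'              # hypothetical file name
$role | ConvertTo-Json -Depth 3 | Set-Content -Path $inputFile

# Requires the AzureRM module and a signed-in session (Login-AzureRmAccount)
# against the spoke subscription.
New-AzureRmRoleDefinition -InputFile $inputFile
```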
