Edit

Share via

Create and configure a project by using Azure CLI

  • Article

In this quickstart, you create a project in Azure Deployment Environments. You then associate the project with the dev center you created in Create and configure a dev center by using the Azure CLI.

A platform engineering team typically creates projects and provides project access to development teams. Development teams then create environments by using environment definitions, connect to individual resources, and deploy applications.

Prerequisites

Category Requirement
Subcription An Azure account with an active subscription. Create an account for free.
Permissions Azure role-based access control role with permissions to create and manage resources in the subscription, such as Contributor or Owner.
Resource - A dev center.

Create a project

To create a project in your dev center:

  1. Sign in to the Azure CLI:

    az login

  2. Install the Azure CLI devcenter extension:

    az extension add --name devcenter --upgrade

  3. Configure the default subscription as the subscription where your dev center resides:

    az account set --subscription <subscriptionName>

  4. Configure the default resource group as the resource group where your dev center resides:

    az configure --defaults group=<resourceGroupName>

  5. Configure the default location as the location where your dev center resides. The location of the project must match the location of the dev center.

    az configure --defaults location=eastus

  6. Retrieve the dev center resource ID:

    $DEVCID = az devcenter admin devcenter show -n <devcenterName> --query id -o tsv
Write-Output $DEVCID

  7. Create the project in the dev center:

    az devcenter admin project create -n <projectName> `
--description "My first project." `
--dev-center-id $DEVCID

  8. Confirm that the project was successfully created:

    az devcenter admin project show -n <projectName>

Assign the Owner role to a managed identity

Before you can create environment types, you must give the managed identity that represents your dev center access to the subscriptions where you configure the project environment types.

In this quickstart, you assign the Owner role to the system-assigned managed identity that you configured previously: Attach a system-assigned managed identity.

  1. Retrieve the subscription ID:

    $SUBID = az account show --name <subscriptionName> --query id -o tsv
Write-Output $SUBID

  2. Retrieve the object ID of the dev center's identity by using the name of the dev center resource:

    $OID = az ad sp list --display-name <devcenterName> --query [].id -o tsv
Write-Output $OID

  3. Assign the role of Owner to the dev center on the subscription:

    az role assignment create --assignee $OID `
--role "Owner" `
--scope "/subscriptions/$SUBID"

Configure a project

To configure a project, add a project environment type:

  1. Retrieve the role ID for the owner of the subscription:

    # Remove the group default scope for next the command. 
az configure --defaults group=

$ROID = az role definition list -n "Owner" --scope /subscriptions/$SUBID --query [].name -o tsv
Write-Output $ROID

# Set the default resource group again.
az configure --defaults group=<resourceGroupName>

  2. Show allowed environment types for the project:

    az devcenter admin project-allowed-environment-type list --project <projectName> --query [].name

  3. Choose an environment type and create it for the project:

    $roles = "{`"$($ROID)`":{}}"
az devcenter admin project-environment-type create `
    -n <availableEnvironmentType> `
    --project <projectName> `
    --identity-type "SystemAssigned" `
    --roles $roles `
    --deployment-target-id "/subscriptions/$SUBID" `
    --status Enabled

Note

At least one identity (system-assigned or user-assigned) must be enabled for deployment identity. The identity is used to perform the environment deployment on behalf of the developer. Additionally, the identity attached to the dev center should be assigned the Owner role for access to the deployment subscription for each environment type.

Assign environment access

In this quickstart, you give access to your own ID. Optionally, you can replace the value of --assignee for the following commands with another member's object ID.

  1. Retrieve your own object ID:

    $MYOID = az ad signed-in-user show --query id -o tsv
Write-Output $MYOID

  2. Assign admin access:

    az role assignment create --assignee $MYOID `
--role "DevCenter Project Admin" `
--scope "/subscriptions/$SUBID"

  3. Optionally, you can assign the Dev Environment User role:

    az role assignment create --assignee $MYOID `
--role "Deployment Environments User" `
--scope "/subscriptions/$SUBID"

Note

Only users who have the Deployment Environments User role, the DevCenter Project Admin role, or a built-in role that has appropriate permissions can create an environment. Users who have the Deployment Environments Reader role can view their own environments and environments created by others.

Next step

In this quickstart, you created a project and granted project access to your development team. To learn how your development team members can create environments, go to the next quickstart:

Create and access an environment by using the Azure CLI