One of the great features of Azure DevOps is the possibility to automate deployment of Apps, Azure Resources, etc. via Azure Pipelines.

You can create your own script, your own pipeline, and give the possibility to a team, for example, to deploy resources, just with this Azure Pipelines, and without having any rights on the Azure Platform.

Some resources in Azure can cost a lot, like GPU VM for example.

So, in this case, something that you can do, is to put an approval workflow. When someone will deploy a resource, the approver will receive an email, and can approve/decline.

In my example, I created a simple script to deploy a resource group:

This CLI script will be called from the Azure Pipeline. Create the following yaml file, to create the pipeline later:

For the azureSubscription, choose the service connection that has rights on the Azure Subscription.For the name, in resources, you need to put the project followed by the name of the Git repo where the script is located.

And, the name of the script. When it is done, you should have something like this:

Azure Pipelines

In Pipelines > Environments create a new environment. On the 3 dots, click on Approvals and checks. Choose the name of one or more approvers. And options that you need:

Approvals and checks

In pipelines, import the YAML file created before:

Import the YAML file

Change the environment variable with the name of your environment that you created for the approval. Click on Run to test it. The approver will receive an email:

Click on Run

Click on Review Approval and on Review:

Review Approval

Approval

You can do what you want, and put a comment:

You can do what you want, and put a comment

The requester will receive an email, but without the comment. He needs to connect to the Azure DevOps portal to see the comment.

And, if I approve the request, the pipeline runs:

The pipeline runs

The pipeline finished without any error:

The pipeline finished without any error

The resource group has been created on Azure, with the SPN dedicated for that:

The resource group has been created on Azure

As you can see, it is very simple to keep running pipeline under control.

StarWind VTL StarWind VTL allows to stop using legacy physical tapes and move to modern on-premises Virtual Tape Libraries with unrestricted cloud and object storage tiering. The solution enables abiding by the 3-2-1 backup rule as well as other industry-standard data archival and retention requirements. Legacy LTOs become a thing of the past as StarWind VTL automates the replication and tiering of data off-site and “air-gapping” it from ransomware.

Eliminate human error, enhance performance, increase security, and drastically reduce your hardware footprint while also decreasing TCO and increasing ROI thanks to Virtual Tape Library from StarWind.

 

Back to blog