How to provision a new Azure Function with bicep pipeline and service principle?

Question

How to provision a new Azure Function with bicep pipeline and service principle?

Khalid Hajjouji 40

I have a new Azure subscription. I dont have access to the portal (portal.azure.com). I have only a service principal. How can I create a new Azure Function with a bicep pipeline with a service principal? I already have a bicep, yaml and azure function files.

Sai Prabhu Naveen Parimi 1,180 Reputation points Microsoft External Staff

2025-04-14T05:48:10.8266667+00:00

@Khalid Hajjouji

Just checking if you have some time to review the below Deepanshu katara answer and see if it helped to resolve your issue.

1 answer

Your answer

Sai Prabhu Naveen Parimi 1,180 Reputation points Microsoft External Staff

2025-04-14T05:48:10.8266667+00:00

@Khalid Hajjouji

Just checking if you have some time to review the below Deepanshu katara answer and see if it helped to resolve your issue.

Answer 1

Deepanshukatara-6769 15,275

Hello , Welcome to MS Q&A

To create a new Azure Function using a Bicep pipeline with a service principal, you can follow these steps using Azure CLI:

Log in with the Service Principal: Use the following command to log in to Azure using your service principal credentials:

   az login --service-principal --username <appId> --password <password> --tenant <tenantId>

Deploy the Bicep Template: Once logged in, you can deploy your Bicep template to create the Azure Function. Use the following command:

   az deployment group create --resource-group <resourceGroup> --template-file <bicepFile> --parameters <parameters>

Replace <resourceGroup>, <bicepFile>, and <parameters> with your specific resource group name, Bicep file path, and any parameters required for your deployment.

These steps will help you deploy your Azure Function using the Bicep template with the service principal you have

Please let me know if you have ques

Kindly accept if it helps

Thanks

Deepanshu

Khalid Hajjouji 40

Hi @Deepanshukatara-6769 , will it be something like this as inline script in the Yaml file? Or do I need to add the service principal logic to the bicep file?

trigger:
  - none

pool:
  vmImage: 'ubuntu-latest'

variables:
  environment: 'dev'
  location: 'East US'
  functionAppName: 'myfunctionappCreatedFromBicepPipeLine-$(environment)'
  storageAccountName: 'storageaccountpipeline3'
  resourceGroupName: 'newResourceGroupManuelCreated2'
  appServicePlanName: 'myappserviceplan$(environment)'

stages:
- stage: Deploy_Infrastructure
  displayName: 'Deploy Azure Function Infrastructure'
  jobs:
  - job: DeployBicep
    steps:
    - task: AzureCLI@2
      inputs:
        azureSubscription: 'AZ TST'
        scriptType: 'bash'
        scriptLocation: 'inlineScript'
        inlineScript: |
		  az login --service-principal --username <appId> --password <password> --tenant <tenantId>
myServicePrincipalPassword
 --tenant myTenantGuid
          az storage account create \
            --name $(storageAccountName) \
            --resource-group $(resourceGroupName) \
            --location eastus \
            --sku Standard_RAGRS \
            --kind StorageV2 \
            --min-tls-version TLS1_2 \
            --allow-blob-public-access false
          az deployment group create \
            --resource-group $(resourceGroupName) \
            --template-file functionapp.bicep \
            --parameters functionAppName=$(functionAppName) storageAccountName=$(storageAccountName) appServicePlanName=$(appServicePlanName) environment=$(environment)

- stage: Deploy_FunctionCode
  displayName: 'Deploy Function Code'
  dependsOn: Deploy_Infrastructure
  jobs:
  - job: DeployCode
    steps:
    - task: AzureFunctionApp@1
      inputs:
        azureSubscription: 'AZ TST'
        appType: 'functionApp'
        appName: '$(functionAppName)'
        package: '$(System.DefaultWorkingDirectory)'

param location string = 'East US'
param functionAppName string
param storageAccountName string
param appServicePlanName string
param environment string

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
}

resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: 'Y1' // Consumption Plan
  }
  kind: 'functionapp'
}

resource functionApp 'Microsoft.Web/sites@2021-02-01' = {
  name: functionAppName
  location: location
  kind: 'functionapp'
  properties: {
    serverFarmId: appServicePlan.id
    siteConfig: {
      appSettings: [
        { name: 'AzureWebJobsStorage', value: storageAccount.properties.primaryEndpoints.blob }
        { name: 'FUNCTIONS_WORKER_RUNTIME', value: 'powershell' }
        { name: 'APP_ENVIRONMENT', value: environment }
      ]
    }
  }
}

output functionAppName string = functionApp.name

Khalid Hajjouji 40 Reputation points

2025-04-24T11:38:08.3133333+00:00

Hi @Deepanshukatara-6769 , could you please answer my last question?
Sai Prabhu Naveen Parimi 1,180 Reputation points Microsoft External Staff

2025-04-28T08:00:55.99+00:00

@Deepanshukatara-6769

Just checking if you can review the Khalid Hajjouji follow-up question.

Share via

How to provision a new Azure Function with bicep pipeline and service principle?

1 answer

Your answer