Logic Apps Standard Managed Identity for API Connection using Access Policy With Azure Bicep
Managed identities provide an identity that applications use when connecting to resources that support Azure Active Directory (Azure AD) authentication, so no secret has to be stored in the app or in the template. There are two types of managed identity, system-assigned and user-assigned. This article only covers the system-assigned one.
System-assigned managed identity
- Created as part of an Azure resource (for example, an Azure Virtual Machine or an Azure App Service / Logic App Standard site).
- Shares its life cycle with the Azure resource it was created with. When the parent resource is deleted, the managed identity is deleted as well, and any access policy that references its object ID becomes dangling.
- Can't be shared. It can only be associated with a single Azure resource.
Steps
- Enable the system-assigned identity when creating the Logic App
- Give the identity access to the API connection using an access policy
Enable the system-assigned identity when creating the Logic App
This article does not show how to create a Logic App Standard with Bicep; see the demo from Samuel Kastberg for that.
When declaring the Logic App (Microsoft.Web/sites) resource, add the identity object to your Bicep code:
  // Creates a system-assigned managed identity with the same life cycle as the site.
  identity: {
    type: 'SystemAssigned'
  }
Once the deployment has created the Logic App, the system-assigned identity shows as enabled on the Identity blade in the Azure portal. Its object (principal) ID is the value the access policy below references.
Give the identity access to the API connection using an access policy
An API connection (Microsoft.Web/connections) only accepts callers listed in its access policies, so the Logic App's identity must be added as a child accessPolicies resource. In the snippet below, MyConnection and MyLA are the connection and Logic App resources declared earlier in the same Bicep file:
resource MyLAAccessPolicy 'Microsoft.Web/connections/accessPolicies@2016-06-01' = {
  // Child resource name: '<connection name>/<Logic App name>'.
  name: '${MyConnection.name}/${MyLA.name}'
  location: resourceGroup().location
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        tenantId: subscription().tenantId
        // Object ID of the system-assigned identity; available only after MyLA is deployed,
        // which also gives Bicep the implicit dependency it needs.
        objectId: MyLA.identity.principalId
      }
    }
  }
}
Important:
The access policy name must have the format: connection name + / + Logic App name (or ID). If you use the Bicep parent property instead, set name to the Logic App name only and Bicep builds the full child name for you.
The access policy only grants the identity permission to use the connection. The Logic App Standard project must still call the connection with managed identity authentication (the connection entry in connections.json uses authentication type ManagedServiceIdentity); otherwise the runtime will not present the identity the policy authorizes.
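The two steps above end up in one deployment. The following stand-alone Bicep module is an added example, not code from the original article: it assumes the Logic App Standard site (with identity.type = 'SystemAssigned') and the API connection already exist in the target resource group, references both as existing resources, and adds the access policy using the parent property so the child name is built automatically. The parameter names logicAppName and connectionName are assumptions for the example.

```bicep
// Added example (not from the original article). Grants an existing Logic App
// Standard's system-assigned identity access to an existing API connection.
targetScope = 'resourceGroup'

@description('Name of the existing Logic App Standard (Microsoft.Web/sites) with identity.type = SystemAssigned.')
param logicAppName string

@description('Name of the existing API connection (Microsoft.Web/connections).')
param connectionName string

// Reference the already-deployed Logic App so its principalId can be read at deployment time.
resource logicApp 'Microsoft.Web/sites@2022-09-01' existing = {
  name: logicAppName
}

// Reference the already-deployed API connection; the access policy is its child resource.
resource connection 'Microsoft.Web/connections@2016-06-01' existing = {
  name: connectionName
}

// Access policy for the identity. With `parent` set, Bicep emits the required
// '<connection name>/<Logic App name>' child name from `name` alone.
resource accessPolicy 'Microsoft.Web/connections/accessPolicies@2016-06-01' = {
  parent: connection
  name: logicAppName
  location: resourceGroup().location
  properties: {
    principal: {
      type: 'ActiveDirectory'
      identity: {
        tenantId: subscription().tenantId
        // Object ID of the system-assigned identity that will be authorized on the connection.
        objectId: logicApp.identity.principalId
      }
    }
  }
}

// Surfaced so a pipeline can verify which principal was granted access.
output grantedPrincipalId string = logicApp.identity.principalId
```

Deploy it with `az deployment group create --resource-group <rg> --template-file accessPolicy.bicep --parameters logicAppName=<site> connectionName=<connection>`. After the deployment, the connection's Access policies blade in the portal should list the Logic App's object ID, and the grantedPrincipalId output should match the object ID shown on the Logic App's Identity blade. If the Logic App was created without identity.type = 'SystemAssigned', logicApp.identity.principalId is not available and the deployment fails, which is the expected way to catch a site that has no identity yet.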
Recommended reading
Authenticate access to Azure resources with managed identities in Azure Logic Apps