-
-
Save ThomasPe/a3e3de767a58eb2cc366b8d3b7ebcd46 to your computer and use it in GitHub Desktop.
Logic App + Managed Identity with Bicep
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param location string = resourceGroup().location | |
| param roleDefinitionId string = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //Default as Storage Blob Data Contributor role | |
| var storageAccountName = 'mystorageaccountname' | |
| var logicAppDefinition = json(loadTextContent('definition.json')) | |
| resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = { | |
| name: storageAccountName | |
| location: location | |
| sku: { | |
| name: 'Standard_LRS' | |
| } | |
| kind: 'StorageV2' | |
| properties: { | |
| accessTier: 'Hot' | |
| allowBlobPublicAccess: true | |
| supportsHttpsTrafficOnly: true | |
| minimumTlsVersion: 'TLS1_2' | |
| } | |
| } | |
| resource blobConnection 'Microsoft.Web/connections@2018-07-01-preview' = { | |
| name: 'blobConnectionName' | |
| location: location | |
| kind: 'V1' | |
| properties: { | |
| alternativeParameterValues: {} | |
| api: { | |
| id: 'subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${location}/managedApis/azureblob' | |
| } | |
| customParameterValues: {} | |
| displayName: defaultName | |
| parameterValueSet: { | |
| name: 'managedIdentityAuth' | |
| values: {} | |
| } | |
| } | |
| } | |
| resource logicapp 'Microsoft.Logic/workflows@2019-05-01' = { | |
| name: 'logicAppName' | |
| location: location | |
| identity: { | |
| type: 'SystemAssigned' | |
| } | |
| properties: { | |
| state: 'Enabled' | |
| definition: logicAppDefinition.definition | |
| parameters: { | |
| '$connections': { | |
| value: { | |
| azureblob: { | |
| connectionId: blobConnection.id | |
| connectionName: 'azureblob' | |
| id: 'subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${location}/managedApis/azureblob' | |
| connectionProperties: { | |
| authentication: { | |
| type: 'ManagedServiceIdentity' | |
| } | |
| } | |
| } | |
| } | |
| } | |
| 'storageAccount': { | |
| value: storageAccountName | |
| } | |
| } | |
| } | |
| } | |
| resource logicAppStorageAccountRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = { | |
| scope: storageAccount | |
| name: guid('ra-logicapp-${roleDefinitionId}') | |
| properties: { | |
| principalType: 'ServicePrincipal' | |
| roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId) | |
| principalId: logicapp.identity.principalId | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment