Michal Checinski

Azure Logic App Blob Storage connection in Azure Bicep

February 2, 2022 , posted under Azure Azure Bicep Azure Logic Apps Azure Storage
Azure Logic App Blob Storage connection in Azure Bicep

Logic Apps became one of the main tools among other serverless services in Azure. Today, not only non-technical users create them. Logic Apps became one of the tools in the arsenals of Cloud Engineers and developers to effortlessly automate processes without writing a single line of code.

But anyone who built the Logic App and wants to approach it as a standard software at some point comes to the wall of deploying the Logic App to the different environments (qa, test production, etc.) using the same Logic APp version to properly test the solution. The first thing that comes to mind is to export an ARM template from the Azure portal from the Logic App resource group. But after exporting it, you could see the warning message that API connections of the Logic App haven’t been exported. And after deploying the template that you’ve exported, you can see that the connections no longer work. Why is that?

The connection often carries some kind of credentials to authorize in the resource. Those are confidential values that cannot be exported in ARM template from the portal just like that.

Exploring Azure documentation, you probably will find out that the properties of the API connection are not there. So, where could you get all the fields and properties to fill up the template to create the connection. Recently developing Logic App I also faced that problem. As I’ve found the correct properties, I’ll share them with you. Today I’ll show you the API connection for the Azure Blog Storage, but in future posts, I’ll cover Azure Table, Azure KeyVault, and maybe something more.

Azure Bicep for the Blob Storage connection

Below you can find the Azure Bicep code for creating Logic App connection for Azure Blob Storage. It’s the standard Microsoft.Web/connections template from Microsoft Docs, with added some key properties to properly integrate with Azure Storage. The most important ones are:

  • parameterValues
    • accountName
    • accessKey
  • api
    • name
    • id
    • type

Those values are not in the Microsoft Docs, unfortunately, so feel free to copy-paste them or the whole code to your Bicep IaC.

resource blobStorageConnection 'Microsoft.Web/[email protected]' = {
  name: 'azureblob'
  kind: 'V1'
  location: '<location>'
  properties: {
    displayName: '<storageName>-blobconnection'
    parameterValues: {
      accountName: '<storageName>'
      accessKey: '<storage-access-key>'
    }
    api: {
      name: 'azureblob'
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${resourceGroup().location}/managedApis/azureblob'
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}

You need to replace <storageName> with actual storage name, <storage-access-key> with Azure Storage access key which you want to connect with logic app and <location> with Azure region eg. westeurope. But if you don’t want to do that, please check the paragraph below.

Ready to deploy Azure Bicep

Below you can find ready to deploy Azure Bicep file with reference to the Azure Storage you want to connect with Logic App. You need to provide the name of the logic app as a parameter. The Bicep will fill up the Azure Storage names where needed and get the Azure storage connection key itself. Be aware that the user or principal that you use to deploy the Bicep needs to have access to that Azure Storage resource.

param storageName string

param location string = resourceGroup().location

resource storage 'Microsoft.Storage/[email protected]' existing = {
  name: storageName
}

resource blobStorageConnection 'Microsoft.Web/[email protected]' = {
  name: 'azureblob'
  kind: 'V1'
  location: location
  properties: {
    displayName: '${storageName}-blobconnection'
    parameterValues: {
      accountName: storageName
      accessKey: listKeys(storage.id, storage.apiVersion).keys[0].value
    }
    api: {
      name: 'azureblob'
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${resourceGroup().location}/managedApis/azureblob'
      type: 'Microsoft.Web/locations/managedApis'
    }
  }
}

If you are looking for Azure Bicep code to integrate other Azure services using connections in Logic Apps, please check other blogposts on my blog and subscribe to my Twitter/RSS to be notified when I publish new blogpost.