Deploy Standard Logic App Using Terraform With Privately Secured Storage Account (Storage Account Can be accessed using VNet)

I have created a subnet and configured it in the networking of the Storage Account. I am then using that subnet id in the Terraform configuration for the standard logic app deployment.

I am new to Terraform and it looks like this issue is posted everywhere. I have found a way to deploy using an ARM template but need help using Terraform.

...

resource "azurerm_logic_app_standard" "example" {
  name                       = "exampleLogicAppName"
  location                   = "West Europe"
  resource_group_name        = "exampleResourceGroupName"
  app_service_plan_id        = azurerm_service_plan.ap-weu-dev-opswkspcfv2.id
  storage_account_name       = "exampleStorageAccountName"
  storage_account_access_key = "exampleStorageAccountAccessKey"
  virtual_network_subnet_id  = "virtualNetworkSubnetId"
}

I have also tried Swift connection

resource "azurerm_app_service_virtual_network_swift_connection" "example" {
  app_service_id = azurerm_logic_app_standard.example.id
  subnet_id      = "virtualNetworkSubnetId"
}

...

Upvotes: 1

Views: 1795

Answers (1)

Venkatesan

Reputation: 10455

I tried in my environment and got the below results:

You can use the below code to deploy a standard logic app with a privately secured storage account that can be accessed using VNet.

main.tf

provider "azurerm" {
  features {}
}

data "azurerm_resource_group" "example" {
  name = "your-resource-group-name"
}

data "azurerm_storage_account" "example" {
  name                = "venkat123"
  resource_group_name = data.azurerm_resource_group.example.name
}

resource "azurerm_virtual_network" "example" {
  name                = "vnet326"
  address_space       = ["10.0.0.0/16"]
  resource_group_name = data.azurerm_resource_group.example.name
  location            = data.azurerm_resource_group.example.location
}

resource "azurerm_subnet" "example" {
  name                 = "subnet1"
  resource_group_name  = data.azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]
  delegation {
    name = "delegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action"]
    }
  }
}

resource "azurerm_storage_account_network_rules" "example" {
  storage_account_id = data.azurerm_storage_account.example.id

  default_action             = "Allow"
  ip_rules                   = ["100.0.0.1"]
  virtual_network_subnet_ids = [azurerm_subnet.example.id]
  bypass                     = ["Metrics"]
}

resource "azurerm_app_service_plan" "example" {
  name                = "venkat346plan"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  kind                = "elastic"

  sku {
    tier = "WorkflowStandard"
    size = "WS1"
  }
}

resource "azurerm_logic_app_standard" "example" {
  name                       = "venkatlogicapp326"
  resource_group_name        = data.azurerm_resource_group.example.name
  location                   = data.azurerm_resource_group.example.location
  app_service_plan_id        = azurerm_app_service_plan.example.id
  storage_account_name       = data.azurerm_storage_account.example.name
  storage_account_access_key = data.azurerm_storage_account.example.primary_access_key
  virtual_network_subnet_id  = azurerm_subnet.example.id
}

Portal:

The above code is executed and creates a logic app with the same Vnet as the storage account.

Reference:

azurerm_logic_app_standard | Resources | hashicorp/azurerm | Terraform Registry

Upvotes: 0
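
In the answer's `azurerm_storage_account_network_rules`, `default_action = "Allow"` keeps the storage firewall open to all networks, so the `ip_rules` and `virtual_network_subnet_ids` entries do not restrict access; `"Deny"` is the value that limits the account to the listed networks. The check below is an added example, not code from the question or the answer: it reads `terraform show -json` plan output and reports storage firewalls not set to `Deny`. The sample plan is constructed, and `azurerm_storage_account.locked` and `azurerm_storage_account_network_rules.old` are hypothetical resources.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan. The first entry
# mirrors the answer's network rules; the other two are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "azurerm_storage_account_network_rules.example",
     "type": "azurerm_storage_account_network_rules",
     "change": {"actions": ["create"],
                "after": {"default_action": "Allow",
                          "ip_rules": ["100.0.0.1"],
                          "bypass": ["Metrics"]}}},
    {"address": "azurerm_storage_account.locked",
     "type": "azurerm_storage_account",
     "change": {"actions": ["create"],
                "after": {"network_rules": [{"default_action": "Deny"}]}}},
    {"address": "azurerm_storage_account_network_rules.old",
     "type": "azurerm_storage_account_network_rules",
     "change": {"actions": ["delete"], "after": None}},
]})


def open_storage_firewalls(plan_json):
    """Return (address, default_action) for storage firewalls not set to Deny."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        if rc.get("type") == "azurerm_storage_account_network_rules":
            rule_sets = [after]
        elif rc.get("type") == "azurerm_storage_account":
            # Inline block form; absent or unknown at plan time means no data.
            rule_sets = after.get("network_rules") or []
        else:
            continue
        for rules in rule_sets:
            action = rules.get("default_action")
            # A value that is missing or unknown at plan time is reported too.
            if action != "Deny":
                findings.append((rc["address"], action))
    return findings


if __name__ == "__main__":
    for address, action in open_storage_firewalls(SAMPLE_PLAN):
        print(f"{address}: default_action={action!r} leaves the firewall open")
```

To run it against a real plan, pass the output of `terraform show -json` for a saved plan file to `open_storage_firewalls` in place of `SAMPLE_PLAN`.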
