michasaucer

Reputation: 5228

API connection for blob storage using Managed Identity

I am trying to create an API connection using Bicep. I want to create an API connection that connects to Blob Storage using Managed Identity. I will use that connection in my Logic App.

By hand, I am able to create an API connection that uses managed identity:


But it's really hard to reproduce that in Bicep since it's really poorly documented.

I prepared code:


```bicep
resource blobStorageConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: 'blobStorageConnection'
  location: resourceGroup().location
  properties: {
    displayName: 'blobStorageConnection'
    api: {
      name: 'azureblob'
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${resourceGroup().location}/managedApis/azureblob'
      type: 'Microsoft.Web/locations/managedApis'
    }
    parameterValues: {
      accountName: 'playtestinga673'
      authenticationType: 'ManagedServiceIdentity'
    }
  }
}
```

But that code throws an error:

{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"{\r\n "error": {\r\n "code": "BadRequest",\r\n "message": "{\"Code\":\"BadRequest\",\"Message\":\"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered..\",\"Target\":null,\"Details\":[{\"Message\":\"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered..\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"14022\",\"MessageTemplate\":\"Input parameters are invalid. See details for more information. Details:{0}.\",\"Parameters\":[\"errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered.\"],\"Code\":\"BadRequest\",\"Message\":\"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered..\"}}],\"Innererror\":null}"\r\n }\r\n}"}]}}

I used the command:

```bash
# URL quoted so the shell does not interpret the "?" in the query string
az rest --url "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Web/locations/westeurope/managedApis/azureblob?api-version=2016-06-01"
```

But that JSON says nothing to me.

My question is: how do I create an API connection to Blob Storage with Managed Identity using Bicep?

Upvotes: 0

Views: 1229

Answers (1)

Jahnavi

Reputation: 7898

API connection for blob storage using Managed Identity:

Use the Bicep code below to authenticate to Blob Storage with the managed identity.

```bicep
param location string = resourceGroup().location
// Storage Blob Data Contributor role. Declared here but not referenced by any resource in this template.
param roleDefinitionId string = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
var storageAccountName = 'mystoragejama'

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    allowBlobPublicAccess: true // permits containers to be configured for anonymous read access
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}

resource blobConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: 'xxxxx' //user defined
  location: location
  kind: 'V1'
  properties: {
    alternativeParameterValues: {}
    api: {
      id: 'subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${location}/managedApis/azureblob'
    }
    customParameterValues: {}
    // Managed identity is selected through parameterValueSet, not through parameterValues
    parameterValueSet: {
      name: 'managedIdentityAuth'
      values: {}
    }
  }
}
```

Deployment succeeded:


Portal view:


Refer to the blog by @Thomas Pentenrieder for the relevant Bicep code structure, including the Logic App.

Upvotes: 1
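The template in the answer declares `roleDefinitionId` but never assigns it, and it stops before the Logic App that will use the connection. The following is an added example, not code from the answer or the linked blog, showing one way to give a Logic App a system-assigned identity, bind that identity to the connection, and grant it the role on the storage account only. It assumes the storage account and connection are already deployed in the same resource group; `connectionName` and `logicAppName` are hypothetical parameters.

```bicep
// Added example; assumes the storage account and connection already exist in this resource group.
param location string = resourceGroup().location
param storageAccountName string = 'mystoragejama' // name used in the answer
param connectionName string // hypothetical: name of the deployed API connection
param logicAppName string // hypothetical
param roleDefinitionId string = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' // Storage Blob Data Contributor
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' existing = { name: storageAccountName }
resource blobConnection 'Microsoft.Web/connections@2016-06-01' existing = { name: connectionName }

resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = {
  name: logicAppName
  location: location
  identity: { type: 'SystemAssigned' } // the identity the connection authenticates as
  properties: {
    definition: {
      '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
      contentVersion: '1.0.0.0'
      parameters: {
        '$connections': { type: 'Object', defaultValue: {} }
      }
      triggers: {} // workflow logic is out of scope here; only the identity wiring is shown
      actions: {}
    }
    parameters: {
      '$connections': {
        value: {
          azureblob: {
            id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'azureblob')
            connectionId: blobConnection.id
            connectionName: blobConnection.name
            // Tells the workflow to present its own managed identity on this connection
            connectionProperties: { authentication: { type: 'ManagedServiceIdentity' } }
          }
        }
      }
    }
  }
}

// Scope is the single storage account, not the resource group or subscription.
resource blobRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(storageAccount.id, logicApp.id, roleDefinitionId)
  scope: storageAccount
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
    principalId: logicApp.identity.principalId
    principalType: 'ServicePrincipal'
  }
}
```

Without the role assignment the connection deploys but blob operations are denied at run time. If the workflow only reads blobs, pass a read-only data role through `roleDefinitionId` instead of Contributor.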
