Reputation: 613
Execution sequence to execute bicep for apim and consumption logic app
I have a requirement to implement APIM - policies --> consumption logic app(http triggered). I have achieved this from the UI however, I have to create bicep for the same
- To create a http consumption logic app
- Add AAD policy with the application id and IP restriction for APIM (APIM yet to create) into the logic app created
- Create an APIM(enable system id) with a front end policy 'JWT token' and backend policy to access the consumption logic app created in the previous step
I am using bicep to implement this functionality and not sure how to achieve this in the same execution.
Also, I have just started with bicep therefore please advice on the best practises to follow while creating these resources/functionality and deploying to subscriptions/PROD.
Upvotes: 0
Views: 45
Answers (1)
Reputation: 2401
Execution sequence to execute bicep for apim and consumption logic app
To have configuration to use Bicep that create resources for APIM, policies, and a consumption logic app you need logic app with its HTTP trigger apply the AAD policy with the application and IP restrictions and set up the APIM with frontend and backend policies, including 'JWT token' and linking to the logic app. This is the basic structure. This configuration can be achived by refering to document attached.
To achive this involves creating dependencies between the logic app and APIM, even though APIM is created after the logic app you can either use the dependsOn to achieve this requriement of sequencial order.
A sample configuration setup looking like this mentioned below
bicep configuration:
resource apimPolicy 'Microsoft.ApiManagement/service/apis/policies@2021-08-01' = {
parent: apimApi
name: 'policy'
properties: {
value: '''
<policies>
<inbound>
<base />
<validate-jwt header-name="Authorization"
require-scheme="Bearer"
failed-validation-httpcode="401"
failed-validation-error-message="Unauthorized">
<openid-config url="https://login.microsoftonline.com/${tenantId}/v2.0/.well-known/openid-configuration" />
<required-claims>
<claim name="appid">
<value>${expectedAppId}</value>
</claim>
</required-claims>
</validate-jwt>
</inbound>
<backend>
<set-backend-service base-url="${logicAppCallbackUrl}" />
</backend>
<outbound>
<base />
</outbound>
<on-error>
<base />
</on-error>
</policies>
'''
}
dependsOn: [
apimApi
]
}
For more rest of the configuration for logicapps, jwt-policy apim, apim policies info on bicep configuration
you can also refer to these microsoft documentations mentioned below
https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/resource-dependencies
Upvotes: 0
Related Questions
- Workflow and API connection provisioning for Standard logic app via Bicep templates/scripts
- Unable to deploy flex consumption function app using azure bicep
- Azure Logic App Authorization Policy set via Bicep
- Why do I get a 401 calling a logic app from APIM
- Azure Logic app APIM connector retry when Retry is set to None
- Increasing the connection Timeout time for Azure APIM connector in logic app
- How to connect APIM to Azure Function App using Azure Bicep?
- APIM and Logic App to read a file via REST API
- Azure ApiM unable to create jwt token validation policy with RSA certificate
- Azure APIM with logic app: definition ignored?