I am trying to create an API connection using Bicep. I want to create an API connection that connects to Blob Storage using Managed Identity. I will use that connection in my Logic App.
By hand, I am able to create an API connection that uses managed identity:
But it's really hard to reproduce that in Bicep since it's really poorly documented.
I prepared code:
resource blobStorageConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: 'blobStorageConnection'
  location: resourceGroup().location
  properties: {
    displayName: 'blobStorageConnection'
    api: {
      name: 'azureblob'
      id: '/subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${resourceGroup().location}/managedApis/azureblob'
      type: 'Microsoft.Web/locations/managedApis'
    }
    parameterValues: {
      accountName: 'playtestinga673'
      authenticationType: 'ManagedServiceIdentity'
    }
  }
}
But that code throws an error:
{"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"BadRequest","message":"{\r\n "error": {\r\n "code": "BadRequest",\r\n "message": "{\"Code\":\"BadRequest\",\"Message\":\"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered..\",\"Target\":null,\"Details\":[{\"Message\":\"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered..\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"14022\",\"MessageTemplate\":\"Input parameters are invalid. See details for more information. Details:{0}.\",\"Parameters\":[\"errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered.\"],\"Code\":\"BadRequest\",\"Message\":\"Input parameters are invalid. See details for more information. Details:errorCode: ParameterNotDefined. Message: Parameter 'authenticationType' is not allowed on the connection since it was not defined as a connection parameter when the API was registered..\"}}],\"Innererror\":null}"\r\n }\r\n}"}]}}
I used the command:
az rest --url "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Web/locations/westeurope/managedApis/azureblob?api-version=2016-06-01"
But that JSON says nothing to me.
My question is, how to create an API connection to Blob Storage with Managed Identity using Bicep?
API connection for Blob Storage using Managed Identity:
Use the Bicep code below to authenticate blob with the managed identity.
param location string = resourceGroup().location
param roleDefinitionId string = 'ba92f5b4-2d11-453d-a403-e96b0029c9fe' //Storage Blob Data Contributor role
var storageAccountName = 'mystoragejama'

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-04-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: 'Hot'
    // lets containers be configured for anonymous read access; managed identity auth does not need it
    allowBlobPublicAccess: true
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}

resource blobConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: 'xxxxx' //user defined
  location: location
  kind: 'V1'
  properties: {
    alternativeParameterValues: {}
    api: {
      id: 'subscriptions/${subscription().subscriptionId}/providers/Microsoft.Web/locations/${location}/managedApis/azureblob'
    }
    customParameterValues: {}
    // selects the connector's managed identity parameter set instead of parameterValues
    parameterValueSet: {
      name: 'managedIdentityAuth'
      values: {}
    }
  }
}
Deployment succeeded:
Portal view:
Refer to the blog by @Thomas Pentenrieder for the relevant Bicep code structure, including the Logic App too.