Search code examples
azureazure-bicep

Is there a Bicep way to create a Logic App API for storage using the Access Key?

Over the last few weeks I've been battling with the poor documentation for creating Logic App API connection using Bicep. Thanks to anyone who has posted or answered similar questions on here, or written a blog post - I have probably read it!

I need to create a Logic App API connection to Azure Blob Storage that uses the Access Key.

If I were to do it manually, I would do it here.

enter image description here

The following Bicep creates this configuration, but whatever I do, the access key never gets populated in the API connection so the Logic App fails with "Key 'AccessKey' not found in connection profile".

param location string
param apiId string
param apiName string
param storageName string

resource storageAccount 'Microsoft.Storage/storageAccounts@2022-09-01' existing = {
  name: storageName
}

// Creates an API connection to Azure Storage
resource apiConnection 'Microsoft.Web/connections@2016-06-01' = {
  name: apiName
  location: location
  tags: {}
  properties: {
    api: {
      id: apiId
    }
    parameterValueSet: {
      name: 'keyBasedAuth'
      values: {
          accountName: {
              value: storageName
                  accessKey: storageAccount.listKeys().keys[0].value
          }
      }
    }
    displayName: apiName
  }
}

output name string = apiName

The error in the workflow is as follows: enter image description here

Here I am using a reference to get the key from the Storage object. I've also tried just putting the plaintext key in there to see what happened, and even then it didn't get put in (obviously a bad idea and I have rotated the keys since then).

I've tried monitoring the network tab of Dev Tools to see happens when I create it in the Portal but no clues. I've also tried running az rest --url https://management.azure.com/subscriptions/{mySubId}/providers/Microsoft.web/locations/ukwest/managedApis/{apiName}?api-version=2016-06-01, but again, no clues.

I'm starting to wonder if this is possible to do programmatically?

TIA

Solution

  • Have you tried replacing the parameterValueSet with something like:

    parameterValues: {
  accountName: storageName
  accessKey: storageAccount.listKeys().keys[0].value
}

    You can find an example on ARM - not Bicep - here.