
Azure Key Vault access policy to allow Logic App (standard): 'resource not found'


I'm trying to set up an access policy in my ARM template to allow my logic app to access Key Vault. Both resources are already created, but when I run my pipeline it reports that the logic app resource is not found (it already exists).

Error: The Resource 'Microsoft.Logic/workflows/logicappName' under resource group 'resourceGroupName' was not found.

Policy:

    {
        "tenantId": "[parameters('tenantId')]",
        "objectId": "[reference(concat(resourceId('Microsoft.Logic/workflows', variables('logicAppName'))), '2021-01-15').principalId]",
        "permissions": {
            "keys": [],
            "secrets": ["get", "list"],
            "certificates": []
        }
    }

I've tried APIs 2019-05-01 and 2018-11-30 too. They're both in the same network.

EDIT: If I use the logic app's objectId without trying to reference it, it works.

I'm expecting the Logic App to be able to read secrets from Key Vault. I've already set this up with App Service in the exact same policy (for App Service).


Solution

  • If you are indeed using a Standard Logic App and not a Consumption Logic App then you are dealing not with Microsoft.Logic/workflows but with Microsoft.Web/sites - in essence, Standard Logic Apps are Function Apps.

    Try replacing your

    "objectId": "[reference(concat(resourceId('Microsoft.Logic/workflows', variables('logicAppName'))), '2021-01-15').principalId]",
    

    with

    "objectId": "[reference(resourceId('Microsoft.Web/sites', variables('logicAppName')), '2021-03-01', 'full').identity.principalId]",
    

    and see if it helps.
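A pre-deployment check for the mismatch described in this answer, as an added example that is not part of the original post: it scans an ARM template for Key Vault access policies whose `objectId` expression points at a different resource type than the template declares, or reads a `Microsoft.Web/sites` identity without `'full'` and `.identity.principalId`. The template is constructed for illustration, and the function name and the single `resourceId('type', name)` form it parses are assumptions of this sketch.

```python
import json
import re

# Constructed sample: a Standard Logic App plus the access policy from the question.
TEMPLATE = json.loads(r"""
{"resources": [
  {"type": "Microsoft.Web/sites", "kind": "functionapp,workflowapp",
   "name": "[variables('logicAppName')]"},
  {"type": "Microsoft.KeyVault/vaults/accessPolicies",
   "name": "[concat(variables('keyVaultName'), '/add')]",
   "properties": {"accessPolicies": [{
     "tenantId": "[parameters('tenantId')]",
     "objectId": "[reference(concat(resourceId('Microsoft.Logic/workflows', variables('logicAppName'))), '2021-01-15').principalId]",
     "permissions": {"keys": [], "secrets": ["get", "list"], "certificates": []}}]}}
]}
""")

# Matches resourceId('<type>', variables('x')) or resourceId('<type>', parameters('x')).
RESOURCE_ID = re.compile(r"resourceId\('([^']+)',\s*(\w+\('[^']*'\))\)")

def check_policy_identity_refs(template):
    """Return findings for access-policy objectId expressions that would not resolve."""
    # Map each resource's name expression (brackets stripped) to its declared type.
    declared = {r.get("name", "").strip("[]"): r.get("type", "")
                for r in template.get("resources", [])}
    findings = []
    for res in template.get("resources", []):
        if not res.get("type", "").startswith("Microsoft.KeyVault/vaults"):
            continue
        for policy in res.get("properties", {}).get("accessPolicies", []):
            expr = policy.get("objectId", "")
            match = RESOURCE_ID.search(expr)
            if not match:
                continue  # literal GUID, or a form this sketch does not parse
            ref_type, name_expr = match.groups()
            actual = declared.get(name_expr)
            if actual and actual.lower() != ref_type.lower():
                findings.append(
                    f"type mismatch: references {ref_type}, template declares {actual}")
            if ref_type.lower() == "microsoft.web/sites" and (
                    "'full'" not in expr or ".identity.principalId" not in expr):
                findings.append(
                    "Microsoft.Web/sites reference must use 'full' and .identity.principalId")
    return findings

if __name__ == "__main__":
    for finding in check_policy_identity_refs(TEMPLATE):
        print(finding)
```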