Manage Azure Functions with Managed Identity Logic Apps

Sometimes we may want to programmatically turn our Azure Functions off or on or do other management tasks with them. This post will show you how you can Manage Azure Functions with Managed Identity Logic Apps.

What you’ll need:

  • Azure Function
  • Logic App
  • Azure Active Directory (pretty much always included now right?)

Setup Managed Identity Logic App

This assumes you’ve already created your Logic App. Once created, go into it and under Settings click on Identity, then toggle the Status to On.

Managed Identity inside Logic Apps

Once setup you can see the Application registration under Azure Active Directory. Then select all Applications under Manage and select All Applications drop down under Application Type.

Managed Identity inside Logic Apps

Add Logic App Identity to Azure Function

Azure Functions don’t really follow the layout of the Azure portal. To add the Logic App Identity open your Azure Function, then select Platform Features then All Settings.

Managed Identity inside Logic Apps

Once that opens we have something that conforms to the Azure portal layout. Next click on Access control (IAM) and then Add a role assignment.

 

Managed Identity inside Logic Apps

Then, give it Contributor role, Assign access to Logic App then search for your Logic App and select it.

Managed Identity inside Logic Apps

 

Add Logic App Step to Manage Azure Function

As of writing the only action that can use Managed Identity is HTTP Post. For my purpose I’m using a Logic App to start and stop an Azure Function at certain times. Triggered from on a Azure Monitor Log Search Alert that I’ll talk about in a later post.

Managed Identity inside Logic Apps

Under Authentication select Managed Identity.

To stop the Azure Function we’ll use https://management.azure.com/subscriptions/subscriptionID/resourceGroups/azurefunctionresourcegroupname/providers/Microsoft.Web/sites/SolarDailyMonitor/stop?api-version=2015-08-01

To start the Azure Function we’ll use https://management.azure.com/subscriptions/subscriptionID/resourceGroups/azurefunctionresourcegroupname/providers/Microsoft.Web/sites/SolarDailyMonitor/start?api-version=2015-08-01

 

Using Managed Identity Logic Apps, there are a number of tasks that can be performed. All of the API Management Tasks for Azure Functions are located here https://docs.microsoft.com/en-us/rest/api/appservice/webapps/listapplicationsettings

Leave a Comment