When deploying a KeyVault service that has an Access Policy for the Managed Identity on an enabled Logic App, it fails because it doesn't exist yet. I did add dependsOn for the Logic App.
Weird thing is this template was working for weeks; now it fails every single time, so I'm a bit confused. I copied this from the quickstart templates from MS. But this isn't the issue, since if you look at the error it's pointing to the correct target resource. Also, this template works if I click redeploy after it fails, since at that time the managed identity already exists. I tested it and it fails anyway.
Here is my ARM template:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "logicAppName": {
      "type": "string",
      "minLength": 1,
      "metadata": {
        "description": "Describes the name of the Logic App resource"
      },
      "defaultValue": "demo"
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Specifies the Azure location where the key vault should be created."
      }
    }
  },
  "variables": {
    "keyVaultName": "[concat('eakeyvault', uniquestring(resourceGroup().id))]",
    "logicAppName": "[parameters('logicAppName')]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "name": "[variables('keyVaultName')]",
      "apiVersion": "2018-02-14",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Logic/workflows', variables('logicAppName'))]"
      ],
      "properties": {
        "enabledForDeployment": false,
        "enabledForDiskEncryption": false,
        "enabledForTemplateDeployment": false,
        "tenantId": "[subscription().tenantId]",
        "accessPolicies": [
          {
            "objectId": "[reference(concat(resourceId('Microsoft.Logic/workflows/', variables('logicAppName')), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2018-11-30').principalId]",
            "tenantId": "[subscription().tenantId]",
            "permissions": {
              "secrets": ["get"]
            }
          }
        ],
        "sku": {
          "name": "standard",
          "family": "A"
        },
        "networkAcls": {
          "value": {
            "defaultAction": "Allow",
            "bypass": "AzureServices"
          }
        }
      }
    },
    {
      "type": "Microsoft.Logic/workflows",
      "apiVersion": "2017-07-01",
      "name": "[variables('logicAppName')]",
      "location": "[resourceGroup().location]",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "state": "Disabled",
        "definition": {
          "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
          "actions": {},
          "contentVersion": "1.0.0.0",
          "outputs": {},
          "parameters": {
            "$connections": {
              "defaultValue": {},
              "type": "Object"
            }
          },
          "triggers": {
            "Recurrence": {
              "recurrence": {
                "frequency": "Day",
                "interval": 1,
                "schedule": {
                  "hours": [
                    "3"
                  ]
                }
              },
              "type": "Recurrence"
            }
          }
        },
        "parameters": {}
      }
    }
  ]
}
And the error:
{
  "id": "/subscriptions/x/resourceGroups/demo6/providers/Microsoft.Resources/deployments/Microsoft.Template/operations/272BE07B42936635",
  "operationId": "272BE07B42936635",
  "properties": {
    "provisioningOperation": "Read",
    "provisioningState": "Failed",
    "timestamp": "2019-10-06T15:09:38.8112774Z",
    "duration": "PT1.3818083S",
    "trackingId": "faf54706-3f6f-469a-9917-a65bdba9768f",
    "statusCode": "NotFound",
    "statusMessage": {
      "error": {
        "code": "ResourceNotFound",
        "message": "The Resource 'Microsoft.Logic/workflows/demo' under resource group 'demo6' was not found."
      }
    },
    "targetResource": {
      "id": "/subscriptions/x/resourceGroups/demo6/providers/Microsoft.Logic/workflows/demo/providers/Microsoft.ManagedIdentity/Identities/default",
      "resourceType": "Microsoft.ManagedIdentity/Identities",
      "resourceName": "default",
      "apiVersion": "2018-11-30"
    }
  }
}
I've used this as the reference with an App Service:
[reference(resourceId('Microsoft.Web/sites', variables('webAppName')), '2016-08-01', 'Full').identity.principalId]
and the dependsOn of course:
[resourceId('Microsoft.Web/sites', variables('webAppName'))]
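A pre-deployment check built from the two forms on this page, as an added example that is not part of the original question or answer: it flags Key Vault access policies whose objectId is resolved through the Microsoft.ManagedIdentity/Identities/default sub-resource (the form that fails in the question) and policies that reference a resource declared in the same template without listing it in dependsOn. The function name, finding labels and sample templates are constructed, and pointing the answer's 'Full' reference form at the Logic App with its 2017-07-01 apiVersion is an assumption.

```python
import re

# Captures the resource type in resourceId('<type>', ...); tolerates the trailing slash in the question.
RESOURCE_ID = re.compile(r"resourceId\(\s*'([^']+?)/?'\s*,")
IDENTITY_SUBRESOURCE = "/providers/microsoft.managedidentity/identities/default"

def check_access_policies(template):
    """Return (vault name, finding) tuples for Key Vault access policies in an ARM template dict."""
    resources = template.get("resources", [])
    declared = {r.get("type", "").lower() for r in resources}
    findings = []
    for res in resources:
        if res.get("type", "").lower() != "microsoft.keyvault/vaults":
            continue
        # Heuristic: dependsOn entries are matched by resource type substring.
        depends = " ".join(res.get("dependsOn", [])).lower()
        for policy in res.get("properties", {}).get("accessPolicies", []):
            expr = policy.get("objectId", "")
            if "reference(" not in expr:
                continue  # literal object ID, nothing resolved at deployment time
            if IDENTITY_SUBRESOURCE in expr.lower():
                findings.append((res["name"], "identity-subresource-reference"))
            for rtype in RESOURCE_ID.findall(expr):
                if rtype.lower() in declared and rtype.lower() not in depends:
                    findings.append((res["name"], "missing-dependsOn:" + rtype))
    return findings

# Constructed sample data, modelled on the template in the question.
LOGIC_APP_ID = "resourceId('Microsoft.Logic/workflows', variables('logicAppName'))"
DEPENDS = ["[" + LOGIC_APP_ID + "]"]
QUESTION_FORM = ("[reference(concat(resourceId('Microsoft.Logic/workflows/', "
                 "variables('logicAppName')), '/providers/Microsoft.ManagedIdentity/"
                 "Identities/default'), '2018-11-30').principalId]")
# Assumption: the answer's App Service form, pointed at the Logic App instead.
ANSWER_FORM = "[reference(" + LOGIC_APP_ID + ", '2017-07-01', 'Full').identity.principalId]"

def sample_template(object_id, depends_on):
    """Build a minimal constructed template: one vault with one policy, one Logic App."""
    return {"resources": [
        {"type": "Microsoft.KeyVault/vaults", "name": "kv", "dependsOn": depends_on,
         "properties": {"accessPolicies": [{"objectId": object_id,
                                            "permissions": {"secrets": ["get"]}}]}},
        {"type": "Microsoft.Logic/workflows", "name": "demo",
         "identity": {"type": "SystemAssigned"}},
    ]}

if __name__ == "__main__":
    for label, expr, deps in [("question", QUESTION_FORM, DEPENDS),
                              ("answer form", ANSWER_FORM, DEPENDS),
                              ("answer form, no dependsOn", ANSWER_FORM, [])]:
        print(label, check_access_policies(sample_template(expr, deps)))
```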