pythonazureazure-managed-identityazure-monitoringazure-identity

Query Logs from Application Insights in Python - InsufficientAccessError


I have some logs in my Application Insights that I want to query directly in Python. I'm using Azure Monitor Query and Azure Identity to do this.

Here's the code:

from azure.identity import DefaultAzureCredential
from azure.monitor.query import LogsQueryClient

cred = DefaultAzureCredential(logging_enable=True, managed_identity_client_id=my_managed_identity_client_id)

client = LogsQueryClient(cred)

response = client.query_workspace(
            workspace_id=my_workspace_id,
            query=some_query,
            timespan(some_start_time, some_end_time))

So when doing this, I keep getting this "(InsufficientAccessError) The provided credentials have insufficient access to perform the requested operation."

I have given the managed identity contributor rights in IAM to the app insights, and to the Azure Databricks workspace that this code is running in, in IAM as well. So I don't believe the managed_identity is wrongly configured. Do let me know if this sounds wrong.

I grabbed the workspace_id from my app insights by going to the linked "Workspace" and grabbing Workspace ID from there.

Is there something I'm missing here?


Solution

  • Giving the Managed Identity the Contributor role allows it to modify the resource, not access to the data plan.

    You need to assign a role that allows access to the data, like the Monitoring Reader role.