Terraform the Creation on a Azure Standard Logic App and "SQL Connector"
I would like to automate the deployment of a standard Azure logic app that does the following…
Starts with a reoccurrence trigger (this i know how to do)
Using a “sql connector” (think I should use a built-in connector as the logic app is using vnet integration) connect to an Azure sql database and execute a simple “sql select” query.
The query will be executed using the ‘user assigned managed identity’ of the logic app which will be created as login in the database with “db_datareader” perms.
I am looking for a example or tutorial on how to Terraform the above. I have looked but found examples of using smtp and storage accounts...
Solution
Terraform the Creation on a Azure Standard Logic App and "SQL Connector"
I tired the configuration you're looking for creating logic app and SQL connector by referring to MSDoc1 and MSdoc2 this configuration you're looking for cannot be achieved from terraform along we need automation tools null resource and CLI commands to achieve the requirement.
Configuration:
resource "azurerm_mssql_server" "example" {
name = "vksb-sql-server"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
version = "12.0"
administrator_login = "adminuser"
administrator_login_password = "H@Sh1CoR3!"
}
resource "azurerm_mssql_database" "example" {
name = "vksb-sql-db"
server_id = azurerm_mssql_server.example.id
collation = "SQL_Latin1_General_CP1_CI_AS"
license_type = "LicenseIncluded"
max_size_gb = 250
read_scale = false
sku_name = "S0"
zone_redundant = false
}
resource "azurerm_logic_app_workflow" "example" {
name = "vksb-logic-app"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
identity {
type = "UserAssigned"
identity_ids = [
azurerm_user_assigned_identity.example.id
]
}
}
resource "azurerm_resource_group_template_deployment" "sql_api_connection" {
name = "vksb-api-connection-deployment"
resource_group_name = azurerm_resource_group.example.name
deployment_mode = "Incremental"
template_content = file("${path.module}/api-connection-template.json")
parameters_content = jsonencode({
connectionName = {
value = "sql-connection"
}
serverName = {
value = "vinaysb-sql-server.database.windows.net"
}
databaseName = {
value = "vinay-sql-db"
}
})
depends_on = [
azurerm_user_assigned_identity.example,
azurerm_mssql_server.example,
azurerm_mssql_database.example,
azurerm_logic_app_workflow.example
]
}
# Null Resource to execute PowerShell script for Logic App workflow update
resource "null_resource" "configure_logic_app_workflow" {
provisioner "local-exec" {
interpreter = ["pwsh", "-Command"]
command = "${path.module}/configure-logic-app-and-sql-user.ps1"
environment = {
CLIENT_ID = azurerm_user_assigned_identity.example.client_id
TENANT_ID = data.azurerm_client_config.current.tenant_id
SERVER_NAME = azurerm_mssql_server.example.name
DATABASE_NAME = azurerm_mssql_database.example.name
LOGIC_APP_NAME = azurerm_logic_app_workflow.example.name
RESOURCE_GROUP = azurerm_resource_group.example.name
SUBSCRIPTION_ID = data.azurerm_client_config.current.subscription_id
USER_NAME = "yourmailID"
USER_ROLE = "db_datareader"
}
}
depends_on = [
azurerm_resource_group_template_deployment.sql_api_connection,
azurerm_logic_app_workflow.example
]
}
configure-logic-app-and-sql-user.ps1
sqlcmd -S tcp:$serverName.database.windows.net -d $databaseName -G -U $clientId@$tenantId -Q "$sqlCommand"
$workflow = @{
'$schema' = "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#"
contentVersion = "1.0.0.0"
parameters = @{
sqlServer = @{
type = "string"
defaultValue = $serverName
}
sqlDatabase = @{
type = "string"
defaultValue = $databaseName
}
}
triggers = @{
Recurrence = @{
type = "Recurrence"
recurrence = @{
frequency = "Day"
interval = 1
}
}
}
actions = @{
Execute_SQL_Query = @{
type = "ApiConnection"
inputs = @{
host = @{
connection = @{
name = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/connections/sql-connection"
}
}
method = "post"
path = "/query"
body = @{
query = "SELECT * FROM your_table"
}
}
}
}
} | ConvertTo-Json -Depth 10
az resource update `
--resource-group $resourceGroup `
--name $logicAppName `
--resource-type "Microsoft.Logic/workflows" `
--set properties.definition="$workflow"
api-connection.json:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/connections",
"apiVersion": "2016-06-01",
"location": "[resourceGroup().location]",
"name": "[parameters('connectionName')]",
"properties": {
"displayName": "SQL Connection",
"api": {
"id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/sql')]"
},
"parameterValues": {
"server": "[parameters('serverName')]",
"database": "[parameters('databaseName')]"
}
}
}
],
"parameters": {
"connectionName": {
"type": "string"
},
"serverName": {
"type": "string"
},
"databaseName": {
"type": "string"
}
}
}
Deployment:
Refer:
Provisioning Azure Logic Apps API Connections with Terraform | by Sharon Hart | Microsoft Azure | Medium by Sharon Hart
azurerm_mysql_server | Resources | hashicorp/azurerm | Terraform | Terraform Registry
azurerm_api_connection | Resources | hashicorp/azurerm | Terraform | Terraform Registry
mssql_user | Resources | betr-io/mssql | Terraform | Terraform Registry
- Terraform directory Structure for common infrastructure on aws for ADO pipeline
- What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
- Creating a cloudsql instance in the VPC network of my Project
- Terraform keeps reporting changes - Codepipeline
- Which resource needs a static route through a Transit Gateway API?
- Basic SQL commands in Terraform
- Terraform depends_on needs to wait for an ecs container to start AND BE HEALTHY before it continues
- azapi_resource_action: Invalid value for "str" parameter: string required
- Terraform fails to import key pair with Amazon EC2
- Azure postgresql flexible server restore with terraform
- How can I list Terraform resources with their IDs
- Delete kubernetes node pull with Terraform without cluster recreating
- Azure Container App Fails to Pull Image from ACR: UNAUTHORIZED Authentication Required
- Terraform Gives errors Failed to load plugin schemas
- In rundeck / terraform, how can I use the option block to capture user input and use it in a command block?
- Configure Application Insights for Azure Function App (Terraform)
- terraform error when integrating S3 website redirect with CloudFront
- Nat Gateway Profile for AKS using terraform
- Terraform and Azure: Problems with association between NetworkSecurityGroups and Subnets
- How to save Terraform output variable into a Github Action’s environment variable
- The local or global variables in policies file in SNS are not able to resolve the values
- terraform when using data sources no stored state was found for the given workspace in the given backend
- Upgrading AWS RDS aurora from serverless v1 to serverless v2 using terraform
- How to install multiple or two versions of Terraform?
- Terraform will damage your computer on macOS Intel
- Upgrade terraform to specific version
- Should I commit my .terraform-version file?
- Terraform code not creating multiple rules in Azure Storage lifecycle
- How to resolve 'Step Functions State Machine is not authorized to create managed-rule'?
- How to output URL of Azure Logic Apps with Terraform?