A few days ago I wrote a blog post about How to set an API connection to use Logic Apps Managed Identity inside Visual Studio 2019. And after I got this configuration working and managed to successfully deploy the Logic App, proven by the fact that it was running successfully in my subscription, I was a bit surprised that after I implemented some fine-tuning in the Logic App logic, this meant having changed the Logic App with small changes that had no impact on the action of the connector that was using Managed Service Identity to receive the following error:
Template deployment returned the following errors:
The deployment ‘logicapp-XXXX-XXXX’ failed with error(s). Showing 1 out of 1 error(s).
Status Message: The workflow connection parameter ‘azureblob’ is not valid. The API connection ‘azureblob’ is configured to support managed identity but the connection parameter is either missing ‘authentication’ property in connection properties or authentication type is not ‘ManagedServiceIdentity’. (Code:WorkflowManagedIdentityConfigurationInvalid)
Deploying template using PowerShell script failed.
Cause
The cause of this issue was not simple to understand and find, but after a few minutes, I realized, and I was able to prove by reproducing this behavior several times, that any changes you make on your Logic App this will delete the Managed Service Identity from the connection parameters inside the Logic App ARM Template.
When I was checking the, in my case, azure blob connection configurations, I realized that the current existing configuration was:
"parameters": {
"$connections": {
"value": {
"azureblob": {
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('logicAppLocation'), '/managedApis/', 'azureblob')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureblob_Connection_Name'))]",
"connectionName": "[parameters('azureblob_Connection_Name')]"
}
}
}
}
Instead of what I described in my previous blog post:
"parameters": {
"$connections": {
"value": {
"azureblob": {
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('logicAppLocation'), '/managedApis/', 'azureblob')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureblob_Connection_Name'))]",
"connectionName": "[parameters('azureblob_Connection_Name')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
}
}
}
}
Solution
The steps to solve this issue are quite simple, you just need to set up the authentication parameter to be Managed Service Identity. To do that, you need to:
- Search for your connector name, in my case, type azureblob.
- Find the Azureblob connection properties inside your Logic App parameters > connections. and then add the following settings:
"parameters": {
"$connections": {
"value": {
"azureblob": {
"id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('logicAppLocation'), '/managedApis/', 'azureblob')]",
"connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureblob_Connection_Name'))]",
"connectionName": "[parameters('azureblob_Connection_Name')]",
"connectionProperties": {
"authentication": {
"type": "ManagedServiceIdentity"
}
}
}
}
}
}
After this, I was able to, once again, successfully deploy our Logic App Consumption.
Note that every time you change anything inside the Logic App designer, this ConnectionProperties section will be removed from our ARM Template. You must always add it. For me, this is a small bug-
I hope you find this helpful! If you liked the content or found it helpful and want to help me write more content, you can buy (or help buy) my son a Star Wars Lego!