Welcome again to another Logic Apps Best Practices, Tips, and Tricks post. Today, we will discuss how to apply workflow Locks to Logic Apps Consumption in Visual Studio Logic App projects
How to apply workflow Locks to Logic App Consumption in Visual Studio Logic App projects
Did you know you can apply a lock directly to your Logic App using the ARM (Azure Resource Manager) template in Visual Studio? This feature allows you to protect your Logic App from accidental deletion or modifications without affecting the entire resource group, and it’s all done within the LogicApp.json file.
How locks works
When creating a Logic App Consumption project in Visual Studio, you can include a lock resource in the LogicApp.json file (the ARM Template file). This lock is deployed alongside your Logic App, ensuring it’s protected from the moment it’s created.
Here’s how the lock is defined within the template:
{
"type": "Microsoft.Authorization/locks",
"apiVersion": "2016-09-01",
"name": "Lock-For-LogicApp",
"properties": {
"level": "CanNotDelete",
"notes": "Lock applied to prevent accidental deletion"
},
"dependsOn": [
"[resourceId('Microsoft.Logic/workflows', parameters('logicAppName'))]"
],
"scope": "[concat(resourceGroup().id, '/providers/Microsoft.Logic/workflows/', parameters('logicAppName'))]"
}Let’s break down the key components:
- Type: Microsoft.Authorization/locks indicate that this is a lock resource.
- Name: Lock-For-LogicApp is a descriptive name for the lock.
- Properties:
- level: Set to CanNotDelete to prevent accidental deletion. You could also use ReadOnly to prevent any modifications.
- notes: A description of why the lock is applied.
- DependsOn: Ensures that the Logic App is created before the lock is applied.
- Scope: This crucial part targets the lock to the specific Logic App. It uses the resourceGroup().id to get the current resource group and then appends the path to the Logic App resource.
What are the benefits of this approach?
We may say that these are some of the benefits of the lock approach:
- Integrated Protection: The lock is part of your Logic App’s ARM template, ensuring it’s always deployed with the app.
- Visual Studio Integration: You can manage the lock directly in your Visual Studio project.
- Version Control: The lock is versioned alongside your Logic App definition in source control.
- Consistency: Ensures that the lock is always applied when the Logic App is deployed, preventing oversights.
How to Implement locks through Logic App Consumption Visual Studio project?
To implement this approach inside the Visual Studio project, you need to:
- Open your Logic App project in Visual Studio.
- In the Solution Explorer, find and open the LogicApp.json file.
- Locate the resources array in the JSON file.
- Add the lock resource definition (as shown) to the resources array.
- Adjust the name and notes as needed for your specific use case.
- Ensure the dependsOn array correctly references your Logic App resource.
- Save the file and deploy your Logic App as usual – the lock will be created along with your Logic App.
- You can also create a lock for the entire resource group.
Considerations
- Users with appropriate permissions can still remove the lock if necessary.
- If you need to update or delete the Logic App, you’ll need to remove the lock first.
- Consider using parameters for the lock name or level to make your template more flexible.
By using this method in Visual Studio, you can ensure that your critical Logic Apps are protected from accidental changes or deletion, adding an extra layer of safety to your Azure resources directly from your development environment.
