Azure Key Vault access policy to allow Logic App (standard): 're

Azure Key Vault access policy to allow Logic App (standard): 'resource not found'

I'm trying to setup an access policy in my ARM template to allow my logic app to access Key Vault. Both resources are already created but when I'm running my pipeline it is coming up that the logic app resource is not found (it already exists).

Error: The Resource 'Microsoft.Logic/workflows/logicappName' under resource group 'resourceGroupName' was not found.

Policy:

{
                "tenantId": "[parameters('tenantId')]",
                "objectId": "[reference(concat(resourceId('Microsoft.Logic/workflows', variables('logicAppName'))), '2021-01-15').principalId]",
                "permissions": {
                    "keys": [],
                    "secrets": ["get", "list"],
                    "certificates": []
                }
            }

I've tried API's: 2019-05-01 and 2018-11-30 too. They're both in the same network

EDIT: If I use logic app's objectId without trying to referencing it, it works.

I'm expecting for the Logic app to be able to read secrets from Key Vault, I've already set this up with App Service in the exact same policy (for app service)

Answers

It seems like you're encountering an issue when trying to reference the Logic App resource within your ARM template. The error message suggests that the Logic App resource is not being found during the deployment process, even though it exists.

Here are a few things you can check and try to resolve the issue:

1. Verify Resource Existence: Double-check that the Logic App resource does indeed exist in the specified resource group. Sometimes typos or incorrect resource group names can cause this issue.

2. Resource Naming: Ensure that the logicAppName variable used to reference the Logic App resource matches the actual name of the Logic App resource in Azure. Case sensitivity matters.

3. Resource Deployment Order: If the Logic App resource is being created or modified in the same deployment script where the policy is being applied, ensure that the Logic App resource is deployed before applying the policy. Azure resources must exist before they can be referenced.

4. Permissions: Ensure that the service principal or user assigned to the Logic App has sufficient permissions to access the Key Vault. You can manually verify this in the Azure portal by checking the Access Policies of the Key Vault.

5. Syntax: Double-check the syntax of your ARM template to ensure there are no syntax errors or typos that could cause the Logic App resource to be referenced incorrectly.

6. Diagnostic Logging: Enable diagnostic logging for your ARM template deployment to get more detailed information about what might be causing the issue. This can help pinpoint the exact problem.

If you've verified all these aspects and are still facing the issue, it might be helpful to provide more details about your ARM template structure and the context in which it's being deployed, so that further assistance can be provided.