Hi,
I have a use case that I would like to check if it's possible to implement on our environment:
We are using a lot of logic apps (playbooks) which needs an access to a specific storage account in the same resource group.
I want to implement a solution to group all logic apps managed identities into one system-managed identity that will have the "storage account contributor" role.
The purpose is to add them by some condition if they start with the same name for example: LogicApp-1, LogicApp-2 (starts with "LogicApp"), and maybe to allow it to be dynamically so every time a new Logic App will be created with this convention it will automatically be part of this group that has access to the storage account.
They all have access to the storage account as long that the storage account is open to all networks which we want it to be open only to Microsoft services.
Any suggestions where to start?
Thanks,
Sagi.