Access control configuration of Logic App changing after CI-CD deployment

Priya Jha 896 Reputation points
2023-02-28T14:28:06.8233333+00:00

Hi All,

I have set Access control configuration in workflow settings as "Only other Logic App" for my logic app.

But when I am performing CI-CD deployment for this logic app, which includes its ARM template deployment, the access control configuration is getting reverted to "Any IP".

Tried with "Specific IP" option and again after deployment, the setting is getting reverted to "Any IP".

Is there a way to handle this in ARM template?

If not, then can we add some task in CI-CD pipeline to update this setting after deployment?


Accepted answer
  1. MayankBargali-MSFT 70,861 Reputation points
    2023-03-01T08:37:24.7166667+00:00

    @Priya Jha Thanks for reaching out. Yes, you can define the Access control setting on your consumption logic app using the ARM template. This document already covers it in detail.

    In your ARM template, specify the allowed inbound IP address ranges in your logic app's resource definition by using the accessControl section. In this section, use the triggers, actions, and the optional contents sections as appropriate by including the allowedCallerIpAddresses section with the addressRange property and set the property value to the allowed IP range in x.x.x.x/x or x.x.x.x-x.x.x.x format.

    • If your nested logic app uses the Only other Logic Apps option, which permits inbound calls only from other logic apps that use the built-in Azure Logic Apps action, set the allowedCallerIpAddresses property to an empty array ([]), and omit the addressRange property.
    • If your nested logic app uses the Specific IP ranges option for other inbound calls, such as other logic apps that use the HTTP action, include the allowedCallerIpAddresses section, and set the addressRange property to the allowed IP range.

    For specific IP:

    "accessControl": {
       "triggers": {
          "allowedCallerIpAddresses": [
             {
                "addressRange": "192.168.12.0/23"
             }
          ]
       },
       "actions": {
          "allowedCallerIpAddresses": [
             {
                "addressRange": "192.168.12.0/23"
             }
          ]
       }
    }

    For only other logic app:

    "accessControl": {
       "triggers": {
          "allowedCallerIpAddresses": []
       },
       "actions": {
          "allowedCallerIpAddresses": []
       },
       // Optional
       "contents": {
          "allowedCallerIpAddresses": []
       }
    }

    Please leverage the document and the section above for the accessControl parameter. Feel free to get back to me if you need any assistance.

    Please accept as "Yes" if the answer is helpful so that it can help others in the community. If you need any help/clarification/concerns/follow up questions, then please click on "Add Comment" on my answer and provide more details.

    0 comments No comments
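
For the pipeline side of the question, a pre-deployment check can fail the build when a Logic App in the template declares no trigger restriction, which is the case that leaves it at "Any IP" after deployment. This is an added example, not code from the thread or from Microsoft; it assumes the template is plain JSON without comments, inspects top-level resources only, and uses constructed workflow names.

```python
import ipaddress
import json

WORKFLOW_TYPE = "Microsoft.Logic/workflows"

def classify(section):
    """Map one accessControl section to the portal option it produces."""
    if not isinstance(section, dict) or "allowedCallerIpAddresses" not in section:
        return "any-ip"                      # nothing declared: no restriction
    entries = section["allowedCallerIpAddresses"]
    if not entries:
        return "only-other-logic-apps"       # empty array, no addressRange
    for entry in entries:
        rng = entry["addressRange"]
        if "-" in rng:                       # x.x.x.x-x.x.x.x form
            start, end = (ipaddress.ip_address(p.strip()) for p in rng.split("-", 1))
            if start > end:
                raise ValueError(f"reversed range: {rng}")
        else:                                # x.x.x.x/x form
            ipaddress.ip_network(rng, strict=False)
    return "specific-ip"

def audit(template_text):
    """Return {workflow name: {section: option}} for each Logic App resource."""
    report = {}
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != WORKFLOW_TYPE.lower():
            continue
        ac = res.get("properties", {}).get("accessControl") or {}
        report[res.get("name", "?")] = {s: classify(ac.get(s)) for s in ("triggers", "actions")}
    return report

def unrestricted(report):
    """Workflows whose trigger endpoint would accept calls from any IP."""
    return sorted(n for n, r in report.items() if r["triggers"] == "any-ip")

# Constructed sample template; resource names are placeholders.
SAMPLE = json.dumps({"resources": [
    {"type": "Microsoft.Logic/workflows", "name": "nested-app",
     "properties": {"accessControl": {"triggers": {"allowedCallerIpAddresses": []},
                                      "actions": {"allowedCallerIpAddresses": []}}}},
    {"type": "Microsoft.Logic/workflows", "name": "ip-app",
     "properties": {"accessControl": {"triggers": {"allowedCallerIpAddresses": [
         {"addressRange": "192.168.12.0/23"}]}}}},
    {"type": "Microsoft.Logic/workflows", "name": "forgotten-app", "properties": {}},
]})

if __name__ == "__main__":
    bad = unrestricted(audit(SAMPLE))
    print("unrestricted:", bad)
    raise SystemExit(1 if bad else 0)        # non-zero exit fails the pipeline step
```

Run as a step before the ARM deployment task, reading the real template file in place of `SAMPLE`.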
