Top / Microsoft Azure / Azure Logic App / Standard

Azure Logic App Standard

This page shows how to write Terraform and Azure Resource Manager for Logic App Standard and write them securely.

terraform-logo

Review your .tf file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

azurerm_logic_app_standard (Terraform)

The Standard in Logic App can be configured in Terraform with the resource name azurerm_logic_app_standard. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

logic-app.tf#L1
resource "azurerm_logic_app_standard" "default" {
    name                = "cmpgitopslogicapptf"
    location            = azurerm_resource_group.default.location
    resource_group_name = azurerm_resource_group.default.name

    app_service_plan_id         = azurerm_app_service_plan.default.id

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

The following arguments are supported:

  • name - (Required) Specifies the name of the Logic App Changing this forces a new resource to be created.

  • resource_group_name - (Required) The name of the resource group in which to create the Logic App

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • app_service_plan_id - (Required) The ID of the App Service Plan within which to create this Logic App

  • app_settings - (Optional) A map of key-value pairs for App Settings and custom values.

NOTE: There are a number of application settings that will be managed for you by this resource type and shouldn't be configured separately as part of the app_settings you specify. AzureWebJobsStorage is filled based on storage_account_name and storage_account_access_key. WEBSITE_CONTENTSHARE is detailed below. FUNCTIONS_EXTENSION_VERSION is filled based on version. APP_KIND is set to workflowApp and AzureFunctionsJobHost__extensionBundle__id and AzureFunctionsJobHost__extensionBundle__version are set as detailed below.

  • use_extension_bundle - (Optional) Should the logic app use the bundled extension package? If true, then application settings for AzureFunctionsJobHost__extensionBundle__id and AzureFunctionsJobHost__extensionBundle__version will be created. Default true

  • bundle_version - (Optional) If use_extension_bundle then controls the allowed range for bundle versions. Default [1.*, 2.0.0)

  • connection_string - (Optional) An connection_string block as defined below.

  • client_affinity_enabled - (Optional) Should the Logic App send session affinity cookies, which route client requests in the same session to the same instance?

  • client_certificate_mode - (Optional) The mode of the Logic App's client certificates requirement for incoming requests. Possible values are Required and Optional.

  • enabled - (Optional) Is the Logic App enabled?

  • https_only - (Optional) Can the Logic App only be accessed via HTTPS? Defaults to false.

  • identity - (Optional) An identity block as defined below.

  • site_config - (Optional) A site_config object as defined below.

  • storage_account_name - (Required) The backend storage account name which will be used by this Logic App (e.g. for Stateful workflows data)

  • storage_account_access_key - (Required) The access key which will be used to access the backend storage account for the Logic App

  • storage_account_share_name - (Optional) The name of the share used by the logic app, if you want to use a custom name. This corresponds to the WEBSITE_CONTENTSHARE appsetting, which this resource will create for you. If you don't specify a name, then this resource will generate a dynamic name. This setting is useful if you want to provision a storage account and create a share using azurerm_storage_share

Note: When integrating a CI/CD pipeline and expecting to run from a deployed package in Azure you must seed your app settings as part of terraform code for Logic App to be successfully deployed. Important Default key pairs: ("WEBSITE_RUN_FROM_PACKAGE" = "", "FUNCTIONS_WORKER_RUNTIME" = "node" (or python, etc), "WEBSITE_NODE_DEFAULT_VERSION" = "10.14.1", "APPINSIGHTS_INSTRUMENTATIONKEY" = "").

Note: When using an App Service Plan in the Free or Shared Tiers use_32_bit_worker_process must be set to true.

  • version - (Optional) The runtime version associated with the Logic App Defaults to ~1.

  • tags - (Optional) A mapping of tags to assign to the resource.

connection_string supports the following:

  • name - (Required) The name of the Connection String.

  • type - (Required) The type of the Connection String. Possible values are APIHub, Custom, DocDb, EventHub, MySQL, NotificationHub, PostgreSQL, RedisCache, ServiceBus, SQLAzure and SQLServer.

  • value - (Required) The value for the Connection String.

site_config supports the following:

  • always_on - (Optional) Should the Logic App be loaded at all times? Defaults to false.

  • app_scale_limit - (Optional) The number of workers this Logic App can scale out to. Only applicable to apps on the Consumption and Premium plan.

  • cors - (Optional) A cors block as defined below.

  • dotnet_framework_version - (Optional) The version of the .net framework's CLR used in this Logic App Possible values are v4.0 (including .NET Core 2.1 and 3.1), v5.0 and v6.0. For more information on which .net Framework version to use based on the runtime version you're targeting - please see this table. Defaults to v4.0.

  • elastic_instance_minimum - (Optional) The number of minimum instances for this Logic App Only affects apps on the Premium plan.

  • ftps_state - (Optional) State of FTP / FTPS service for this Logic App Possible values include: AllAllowed, FtpsOnly and Disabled. Defaults to AllAllowed.

  • health_check_path - (Optional) Path which will be checked for this Logic App health.

  • http2_enabled - (Optional) Specifies whether or not the http2 protocol should be enabled. Defaults to false.

  • ip_restriction - (Optional) A List of objects representing ip restrictions as defined below.

-> NOTE User has to explicitly set ip_restriction to empty slice ([]) to remove it.

  • linux_fx_version - (Optional) Linux App Framework and version for the AppService, e.g. DOCKER|(golang:latest). Setting this value will also set the kind of application deployed to functionapp,linux,container,workflowapp

  • min_tls_version - (Optional) The minimum supported TLS version for the Logic App Possible values are 1.0, 1.1, and 1.2. Defaults to 1.2 for new Logic Apps.

  • pre_warmed_instance_count - (Optional) The number of pre-warmed instances for this Logic App Only affects apps on the Premium plan.

  • runtime_scale_monitoring_enabled - (Optional) Should Runtime Scale Monitoring be enabled?. Only applicable to apps on the Premium plan. Defaults to false.

  • use_32_bit_worker_process - (Optional) Should the Logic App run in 32 bit mode, rather than 64 bit mode? Defaults to true.

Note: when using an App Service Plan in the Free or Shared Tiers use_32_bit_worker_process must be set to true.

  • vnet_route_all_enabled - (Optional) Should all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.

  • websockets_enabled - (Optional) Should WebSockets be enabled?

A cors block supports the following:

  • allowed_origins - (Optional) A list of origins which should be able to make cross-origin calls. * can be used to allow all calls.

  • support_credentials - (Optional) Are credentials supported?

An identity block supports the following:

  • type - (Required) Specifies the identity type of the Logic App Possible values are SystemAssigned (where Azure will generate a Service Principal for you), UserAssigned where you can specify the Service Principal IDs in the identity_ids field, and SystemAssigned, UserAssigned which assigns both a system managed identity as well as the specified user assigned identities.

NOTE: When type is set to SystemAssigned, The assigned principal_id and tenant_id can be retrieved after the Logic App has been created. More details are available below.

  • identity_ids - (Optional) Specifies a list of user managed identity ids to be assigned. Required if type is UserAssigned.

A ip_restriction block supports the following:

  • ip_address - (Optional) The IP Address used for this IP Restriction in CIDR notation.

  • service_tag - (Optional) The Service Tag used for this IP Restriction.

  • virtual_network_subnet_id - (Optional) The Virtual Network Subnet ID used for this IP Restriction.

-> NOTE: One of either ip_address, service_tag or virtual_network_subnet_id must be specified

  • name - (Optional) The name for this IP Restriction.

  • priority - (Optional) The priority for this IP Restriction. Restrictions are enforced in priority order. By default, the priority is set to 65000 if not specified.

  • action - (Optional) Does this restriction Allow or Deny access for this IP range. Defaults to Allow.

  • headers - (Optional) The headers for this specific ip_restriction as defined below.

A headers block supports the following:

  • x_azure_fdid - (Optional) A list of allowed Azure FrontDoor IDs in UUID notation with a maximum of 8.

  • x_fd_health_probe - (Optional) A list to allow the Azure FrontDoor health probe header. Only allowed value is "1".

  • x_forwarded_for - (Optional) A list of allowed 'X-Forwarded-For' IPs in CIDR notation with a maximum of 8

  • x_forwarded_host - (Optional) A list of allowed 'X-Forwarded-Host' domains with a maximum of 8.

The following attributes are exported:

  • id - The ID of the Logic App

  • custom_domain_verification_id - An identifier used by App Service to perform domain ownership verification via DNS TXT record.

  • default_hostname - The default hostname associated with the Logic App - such as mysite.azurewebsites.net

  • outbound_ip_addresses - A comma separated list of outbound IP addresses - such as 52.23.25.3,52.143.43.12

  • possible_outbound_ip_addresses - A comma separated list of outbound IP addresses - such as 52.23.25.3,52.143.43.12,52.143.43.17 - not all of which are necessarily in use. Superset of outbound_ip_addresses.

  • identity - An identity block as defined below, which contains the Managed Service Identity information for this App Service.

  • site_credential - A site_credential block as defined below, which contains the site-level credentials used to publish to this App Service.

  • kind - The Logic App kind - will be functionapp,workflowapp

The identity block exports the following:

  • principal_id - The Principal ID for the Service Principal associated with the Managed Service Identity of this App Service.

  • tenant_id - The Tenant ID for the Service Principal associated with the Managed Service Identity of this App Service.

-> You can access the Principal ID via azurerm_app_service.example.identity.0.principal_id and the Tenant ID via azurerm_app_service.example.identity.0.tenant_id

The site_credential block exports the following:

  • username - The username which can be used to publish to this App Service

  • password - The password associated with the username, which can be used to publish to this App Service.

>> from Terraform Registry

Explanation in Terraform Registry

Manages a Logic App (Standard / Single Tenant)

Note: To connect an Azure Logic App and a subnet within the same region azurerm_app_service_virtual_network_swift_connection can be used. For an example, check the azurerm_app_service_virtual_network_swift_connection documentation.

>> from Terraform Registry

Microsoft.Web/sites (Azure Resource Manager)

The sites in Microsoft.Web can be configured in Azure Resource Manager with the resource name Microsoft.Web/sites. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

template.json#L101
                "ResourceType": "Microsoft.Web/sites",
                "MetricName": "Http5xx",
                "Operator": "GreaterThanOrEqual",
                "Threshold": "50",
                "TimeWindow": "PT5M",
                "Aggregation": "Total"
tests.json#L30
          "resourceType": "Microsoft.Web/sites",
          "allOf": [
              {
                  "path": "kind",
                  "regex": "api$"
              },
v1.6_Export.json#L17
      "type": "Microsoft.Web/sites",
      "apiVersion": "2018-11-01",
      "name": "[parameters('FunctionAppName')]",
      "location": "UK South",
      "kind": "functionapp",
      "properties": {
integration.json
{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "deploymentId": {
web4.json#L38
            "type": "Microsoft.Web/sites",
            "name": "[parameters('site_name')]",
            "apiVersion": "2016-08-01",
            "location": "[resourceGroup().location]",
            "scale": null,
            "properties": {
chapter4-azure-template.json#L45
            "type": "Microsoft.Web/sites",
            "apiVersion": "2018-11-01",
            "name": "[parameters('sites_chapter4_iac_dockerimage_name')]",
            "location": "Central US",
            "dependsOn": [
                "[resourceId('Microsoft.Web/serverfarms', parameters('serverfarms_ASP_Chapter4RG_ac17_name'))]"
integration.json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "infrastructure": {
integration.json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "infrastructure": {
integration.json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "infrastructure": {
integration.json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "infrastructure": {

Parameters

  • apiVersion required - string
  • extendedLocation optional
      • name optional - string

        Name of extended location.

  • identity optional
      • type optional - string

        Type of managed service identity.

      • userAssignedIdentities optional - undefined

        The list of user assigned identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}

  • kind optional - string

    Kind of resource.

  • location required - string

    Resource Location.

  • name required - string

    Unique name of the app to create or update. To create or update a deployment slot, use the {slot} parameter.

  • properties required
      • clientAffinityEnabled optional - boolean

        <code>true</code> to enable client affinity; <code>false</code> to stop sending session affinity cookies, which route client requests in the same session to the same instance. Default is <code>true</code>.

      • clientCertEnabled optional - boolean

        <code>true</code> to enable client certificate authentication (TLS mutual authentication); otherwise, <code>false</code>. Default is <code>false</code>.

      • clientCertExclusionPaths optional - string

        client certificate authentication comma-separated exclusion paths

      • clientCertMode optional - string

        This composes with ClientCertEnabled setting.

        • ClientCertEnabled: false means ClientCert is ignored.
        • ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.
        • ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted.
      • cloningInfo optional
          • appSettingsOverrides optional - string

            Application setting overrides for cloned app. If specified, these settings override the settings cloned from source app. Otherwise, application settings from source app are retained.

          • cloneCustomHostNames optional - boolean

            <code>true</code> to clone custom hostnames from source app; otherwise, <code>false</code>.

          • cloneSourceControl optional - boolean

            <code>true</code> to clone source control from source app; otherwise, <code>false</code>.

          • configureLoadBalancing optional - boolean

            <code>true</code> to configure load balancing for source and destination app.

          • correlationId optional - string

            Correlation ID of cloning operation. This ID ties multiple cloning operations together to use the same snapshot.

          • hostingEnvironment optional - string

            App Service Environment.

          • overwrite optional - boolean

            <code>true</code> to overwrite destination app; otherwise, <code>false</code>.

          • sourceWebAppId required - string

            ARM resource ID of the source app. App resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName} for production slots and /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{siteName}/slots/{slotName} for other slots.

          • sourceWebAppLocation optional - string

            Location of source app ex: West US or North Europe

          • trafficManagerProfileId optional - string

            ARM resource ID of the Traffic Manager profile to use, if it exists. Traffic Manager resource ID is of the form /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/trafficManagerProfiles/{profileName}.

          • trafficManagerProfileName optional - string

            Name of Traffic Manager profile to create. This is only needed if Traffic Manager profile does not already exist.

      • containerSize optional - integer

        Size of the function container.

      • customDomainVerificationId optional - string

        Unique identifier that verifies the custom domains assigned to the app. Customer will add this id to a txt record for verification.

      • dailyMemoryTimeQuota optional - integer

        Maximum allowed daily memory-time quota (applicable on dynamic apps only).

      • enabled optional - boolean

        <code>true</code> if the app is enabled; otherwise, <code>false</code>. Setting this value to false disables the app (takes the app offline).

      • hostingEnvironmentProfile optional
          • id optional - string

            Resource ID of the App Service Environment.

      • hostNamesDisabled optional - boolean

        <code>true</code> to disable the public hostnames of the app; otherwise, <code>false</code>. If <code>true</code>, the app is only accessible via API management process.

      • hostNameSslStates optional array
          • hostType optional - string

            Indicates whether the hostname is a standard or repository hostname.

          • name optional - string

            Hostname.

          • sslState optional - string

            SSL type.

          • thumbprint optional - string

            SSL certificate thumbprint.

          • toUpdate optional - boolean

            Set to <code>true</code> to update existing hostname.

          • virtualIP optional - string

            Virtual IP address assigned to the hostname if IP based SSL is enabled.

      • httpsOnly optional - boolean

        HttpsOnly: configures a web site to accept only https requests. Issues redirect for http requests

      • hyperV optional - boolean

        Hyper-V sandbox.

      • isXenon optional - boolean

        Obsolete: Hyper-V sandbox.

      • keyVaultReferenceIdentity optional - string

        Identity to use for Key Vault Reference authentication.

      • redundancyMode optional - string

        Site redundancy mode.

      • reserved optional - boolean

        <code>true</code> if reserved; otherwise, <code>false</code>.

      • scmSiteAlsoStopped optional - boolean

        <code>true</code> to stop SCM (KUDU) site when the app is stopped; otherwise, <code>false</code>. The default is <code>false</code>.

      • serverFarmId optional - string

        Resource ID of the associated App Service plan, formatted as: "/subscriptions/{subscriptionID}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/{appServicePlanName}".

      • siteConfig optional
          • acrUseManagedIdentityCreds optional - boolean

            Flag to use Managed Identity Creds for ACR pull

          • acrUserManagedIdentityID optional - string

            If using user managed identity, the user managed identity ClientId

          • alwaysOn optional - boolean

            <code>true</code> if Always On is enabled; otherwise, <code>false</code>.

          • apiDefinition optional
              • url optional - string

                The URL of the API definition.

          • apiManagementConfig optional
              • id optional - string

                APIM-Api Identifier.

          • appCommandLine optional - string

            App command line to launch.

          • appSettings optional array
              • name optional - string

                Pair name.

              • value optional - string

                Pair value.

          • autoHealEnabled optional - boolean

            <code>true</code> if Auto Heal is enabled; otherwise, <code>false</code>.

          • autoHealRules optional
              • actions optional
                  • actionType optional - string

                    Predefined action to be taken.

                  • customAction optional
                      • exe optional - string

                        Executable to be run.

                      • parameters optional - string

                        Parameters for the executable.

                  • minProcessExecutionTime optional - string

                    Minimum time the process must execute before taking the action

              • triggers optional
                  • privateBytesInKB optional - integer

                    A rule based on private bytes.

                  • requests optional
                      • count optional - integer

                        Request Count.

                      • timeInterval optional - string

                        Time interval.

                  • slowRequests optional
                      • count optional - integer

                        Request Count.

                      • path optional - string

                        Request Path.

                      • timeInterval optional - string

                        Time interval.

                      • timeTaken optional - string

                        Time taken.

                  • slowRequestsWithPath optional array
                      • count optional - integer

                        Request Count.

                      • path optional - string

                        Request Path.

                      • timeInterval optional - string

                        Time interval.

                      • timeTaken optional - string

                        Time taken.

                  • statusCodes optional array
                      • count optional - integer

                        Request Count.

                      • path optional - string

                        Request Path

                      • status optional - integer

                        HTTP status code.

                      • subStatus optional - integer

                        Request Sub Status.

                      • timeInterval optional - string

                        Time interval.

                      • win32Status optional - integer

                        Win32 error code.

                  • statusCodesRange optional array
                      • count optional - integer

                        Request Count.

                      • path optional - string
                      • statusCodes optional - string

                        HTTP status code.

                      • timeInterval optional - string

                        Time interval.

          • autoSwapSlotName optional - string

            Auto-swap slot name.

          • azureStorageAccounts optional - undefined

            List of Azure Storage Accounts.

          • connectionStrings optional array
              • connectionString optional - string

                Connection string value.

              • name optional - string

                Name of connection string.

              • type optional - string

                Type of database.

          • cors optional
          • defaultDocuments optional - array

            Default documents.

          • detailedErrorLoggingEnabled optional - boolean

            <code>true</code> if detailed error logging is enabled; otherwise, <code>false</code>.

          • documentRoot optional - string

            Document root.

          • experiments optional
              • rampUpRules optional array
                  • actionHostName optional - string

                    Hostname of a slot to which the traffic will be redirected if decided to. E.g. myapp-stage.azurewebsites.net.

                  • changeDecisionCallbackUrl optional - string

                    Custom decision algorithm can be provided in TiPCallback site extension which URL can be specified. See TiPCallback site extension for the scaffold and contracts. https://www.siteextensions.net/packages/TiPCallback/

                  • changeIntervalInMinutes optional - integer

                    Specifies interval in minutes to reevaluate ReroutePercentage.

                  • changeStep optional - number

                    In auto ramp up scenario this is the step to add/remove from <code>ReroutePercentage</code> until it reaches \n<code>MinReroutePercentage</code> or <code>MaxReroutePercentage</code>. Site metrics are checked every N minutes specified in <code>ChangeIntervalInMinutes</code>.\nCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified in <code>ChangeDecisionCallbackUrl</code>.

                  • maxReroutePercentage optional - number

                    Specifies upper boundary below which ReroutePercentage will stay.

                  • minReroutePercentage optional - number

                    Specifies lower boundary above which ReroutePercentage will stay.

                  • name optional - string

                    Name of the routing rule. The recommended name would be to point to the slot which will receive the traffic in the experiment.

                  • reroutePercentage optional - number

                    Percentage of the traffic which will be redirected to <code>ActionHostName</code>.

          • ftpsState optional - string

            State of FTP / FTPS service.

          • functionAppScaleLimit optional - integer

            Maximum number of workers that a site can scale out to. This setting only applies to the Consumption and Elastic Premium Plans

          • functionsRuntimeScaleMonitoringEnabled optional - boolean

            Gets or sets a value indicating whether functions runtime scale monitoring is enabled. When enabled, the ScaleController will not monitor event sources directly, but will instead call to the runtime to get scale status.

          • handlerMappings optional array
              • arguments optional - string

                Command-line arguments to be passed to the script processor.

              • extension optional - string

                Requests with this extension will be handled using the specified FastCGI application.

              • scriptProcessor optional - string

                The absolute path to the FastCGI application.

          • healthCheckPath optional - string

            Health check path

          • http20Enabled optional - boolean

            Http20Enabled: configures a web site to allow clients to connect over http2.0

          • httpLoggingEnabled optional - boolean

            <code>true</code> if HTTP logging is enabled; otherwise, <code>false</code>.

          • ipSecurityRestrictions optional array
              • action optional - string

                Allow or Deny access for this IP range.

              • description optional - string

                IP restriction rule description.

              • headers optional - array

                IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

                • If the property is null or empty (default), all hosts(or lack of) are allowed.
                • A value is compared using ordinal-ignore-case (excluding port number).
                • Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
                • Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..
                • If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
                • If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.
              • ipAddress optional - string

                IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.

              • name optional - string

                IP restriction rule name.

              • priority optional - integer

                Priority of IP restriction rule.

              • subnetMask optional - string

                Subnet mask for the range of IP addresses the restriction is valid for.

              • subnetTrafficTag optional - integer

                (internal) Subnet traffic tag

              • tag optional - string

                Defines what this IP filter will be used for. This is to support IP filtering on proxies.

              • vnetSubnetResourceId optional - string

                Virtual network resource id

              • vnetTrafficTag optional - integer

                (internal) Vnet traffic tag

          • javaContainer optional - string

            Java container.

          • javaContainerVersion optional - string

            Java container version.

          • javaVersion optional - string

            Java version.

          • keyVaultReferenceIdentity optional - string

            Identity to use for Key Vault Reference authentication.

          • limits optional
              • maxDiskSizeInMb optional - integer

                Maximum allowed disk size usage in MB.

              • maxMemoryInMb optional - integer

                Maximum allowed memory usage in MB.

              • maxPercentageCpu optional - number

                Maximum allowed CPU usage percentage.

          • linuxFxVersion optional - string

            Linux App Framework and version

          • loadBalancing optional - string

            Site load balancing.

          • localMySqlEnabled optional - boolean

            <code>true</code> to enable local MySQL; otherwise, <code>false</code>.

          • logsDirectorySizeLimit optional - integer

            HTTP logs directory size limit.

          • managedPipelineMode optional - string

            Managed pipeline mode.

          • managedServiceIdentityId optional - integer

            Managed Service Identity Id

          • minimumElasticInstanceCount optional - integer

            Number of minimum instance count for a site This setting only applies to the Elastic Plans

          • minTlsVersion optional - string

            MinTlsVersion: configures the minimum version of TLS required for SSL requests.

          • netFrameworkVersion optional - string

            .NET Framework version.

          • nodeVersion optional - string

            Version of Node.js.

          • numberOfWorkers optional - integer

            Number of workers.

          • phpVersion optional - string

            Version of PHP.

          • powerShellVersion optional - string

            Version of PowerShell.

          • preWarmedInstanceCount optional - integer

            Number of preWarmed instances. This setting only applies to the Consumption and Elastic Plans

          • publicNetworkAccess optional - string

            Property to allow or block all public traffic.

          • publishingUsername optional - string

            Publishing user name.

          • push optional
              • kind optional - string

                Kind of resource.

              • properties optional
                  • dynamicTagsJson optional - string

                    Gets or sets a JSON string containing a list of dynamic tags that will be evaluated from user claims in the push registration endpoint.

                  • isPushEnabled required - boolean

                    Gets or sets a flag indicating whether the Push endpoint is enabled.

                  • tagsRequiringAuth optional - string

                    Gets or sets a JSON string containing a list of tags that require user authentication to be used in the push registration endpoint. Tags can consist of alphanumeric characters and the following: '_', '@', '#', '.', ':', '-'. Validation should be performed at the PushRequestHandler.

                  • tagWhitelistJson optional - string

                    Gets or sets a JSON string containing a list of tags that are whitelisted for use by the push registration endpoint.

          • pythonVersion optional - string

            Version of Python.

          • remoteDebuggingEnabled optional - boolean

            <code>true</code> if remote debugging is enabled; otherwise, <code>false</code>.

          • remoteDebuggingVersion optional - string

            Remote debugging version.

          • requestTracingEnabled optional - boolean

            <code>true</code> if request tracing is enabled; otherwise, <code>false</code>.

          • requestTracingExpirationTime optional - string

            Request tracing expiration time.

          • scmIpSecurityRestrictions optional array
              • action optional - string

                Allow or Deny access for this IP range.

              • description optional - string

                IP restriction rule description.

              • headers optional - array

                IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

                • If the property is null or empty (default), all hosts(or lack of) are allowed.
                • A value is compared using ordinal-ignore-case (excluding port number).
                • Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
                • Unicode host names are allowed but are converted to Punycode for matching. X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..
                • If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
                • If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property. X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.
              • ipAddress optional - string

                IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.

              • name optional - string

                IP restriction rule name.

              • priority optional - integer

                Priority of IP restriction rule.

              • subnetMask optional - string

                Subnet mask for the range of IP addresses the restriction is valid for.

              • subnetTrafficTag optional - integer

                (internal) Subnet traffic tag

              • tag optional - string

                Defines what this IP filter will be used for. This is to support IP filtering on proxies.

              • vnetSubnetResourceId optional - string

                Virtual network resource id

              • vnetTrafficTag optional - integer

                (internal) Vnet traffic tag

          • scmIpSecurityRestrictionsUseMain optional - boolean

            IP security restrictions for scm to use main.

          • scmMinTlsVersion optional - string

            ScmMinTlsVersion: configures the minimum version of TLS required for SSL requests for SCM site.

          • scmType optional - string

            SCM type.

          • tracingOptions optional - string

            Tracing options.

          • use32BitWorkerProcess optional - boolean

            <code>true</code> to use 32-bit worker process; otherwise, <code>false</code>.

          • virtualApplications optional array
              • physicalPath optional - string

                Physical path.

              • preloadEnabled optional - boolean

                <code>true</code> if preloading is enabled; otherwise, <code>false</code>.

              • virtualDirectories optional array
                  • physicalPath optional - string

                    Physical path.

                  • virtualPath optional - string

                    Path to virtual application.

              • virtualPath optional - string

                Virtual path.

          • vnetName optional - string

            Virtual Network name.

          • vnetPrivatePortsCount optional - integer

            The number of private ports assigned to this app. These will be assigned dynamically on runtime.

          • vnetRouteAllEnabled optional - boolean

            Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.

          • websiteTimeZone optional - string

            Sets the time zone a site uses for generating timestamps. Compatible with Linux and Windows App Service. Setting the WEBSITE_TIME_ZONE app setting takes precedence over this config. For Linux, expects tz database values https://www.iana.org/time-zones (for a quick reference see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). For Windows, expects one of the time zones listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

          • webSocketsEnabled optional - boolean

            <code>true</code> if WebSocket is enabled; otherwise, <code>false</code>.

          • windowsFxVersion optional - string

            Xenon App Framework and version

          • xManagedServiceIdentityId optional - integer

            Explicit Managed Service Identity Id

      • storageAccountRequired optional - boolean

        Checks if Customer provided storage account is required

      • virtualNetworkSubnetId optional - string

        Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}

  • tags optional - string

    Resource tags.

  • type required - string

>> from Azure Resource Manager Documentation

The Other Related Azure Logic App Resources

Frequently asked questions

What is Azure Logic App Standard?

Azure Logic App Standard is a resource for Logic App of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Logic App Standard?

For Terraform, the CMPGitOpsInnovation/logic-app-ase source code example is useful. See the Terraform Example section for further details.

For Azure Resource Manager, the SkillsFundingAgency/dfc-providerportal-monitoring, ajf214/personal-arm-templates and mrpaulandrew/procfwk source code examples are useful. See the Azure Resource Manager Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents