Azure Logic App Terraform Module

Dynamic Terraform module, which creates a Logic App and others resources.

Table of Contents

• Module versioning rule
• How to Use
  • Basic
  • Disable SAS Scheme
• Examples
• Requirements
• Providers
• Modules
• Resources
• Inputs
• Outputs
• License

Module versioning rule

Module version	Azure Provider version
>= 1.x.x	=> 3.22

How to Use

Basic

module "logic_app" {
  source              = "fdmsantos/logicapp/azurerm"
  version             = "x.x.x"
  name                = "logicapp-name"
  location            = "westeurope"
  resource_group_name = "<resource-group"
  identity_type       = "SystemAssigned"
  connections_parameters = [
    module.azureblob_api_connection.logic_app_parameter,
    module.sharepoint_api_connection.logic_app_parameter
  ]
  workflow_parameters = {
    storage_account_name : {
      type : "String",
      defaultValue : "storageaccountname"
    }
  }
  http_triggers = {
    "HTTP_Trigger" = {
      method = "POST",
      schema = file("${path.module}/templates/triggers/http_trigger.json")
    }
  }
  recurrence_triggers = {
    run-every-day = {
      frequency        = "Day"
      interval         = 1
    }
  }
  custom_actions = {
    "Initialize_variable" : file("${path.module}/templates/actions/initialize_variable.json")
  }
  tags = {
    env: "dev"
  }
}

Disable SAS Scheme

• Configuring authentication_policies doesn't disable the Shared Access Signature (SAS) Scheme.
• To Disable the SAS scheme it's necessary create condition on http trigger. When disable_sas_auth_schema set it to true, will create this condition on http trigger.
• Due azurerm_logic_app_workflow resource limitations, this is only supported in http and webhook triggers configured using custom_triggers. Please check the following example to more info.

Examples

• Complete - Creates Logic App with all supported features.
• Basic - Creates Simple Logic App.
• Disable SAS Scheme - Create Logic App with Microsoft Entra ID OAuth as the only option to call a request endpoint.

Requirements

Name	Version
terraform	>= 0.13.1
azurerm	>= 3.22

Providers

Name	Version
azurerm	>= 3.22

Modules

No modules.

Resources

Name	Type
azurerm_logic_app_action_custom.this	resource
azurerm_logic_app_trigger_custom.this	resource
azurerm_logic_app_trigger_http_request.this	resource
azurerm_logic_app_trigger_recurrence.this	resource
azurerm_logic_app_workflow.workflow	resource

Inputs

Name	Description	Type	Default	Required
actions_allowed_caller_ip_address_range	Restrict calls to triggers in this logic app to the provided IP ranges. IP addresses can be either IPv4 or IPv6 and accepts range and bitmask range formats.	list(string)	[]	no
authentication_policies	Map of authentication policies to apply in this Logic app.	map(list(object({ claim_name = string claim_value = string })))	{}	no
connections_parameters	Parameters related with API Connections.	list(map(any))	[]	no
contents_allowed_caller_ip_address_range	Restrict calls to get input and output messages from run history to the provided IP ranges. IP addresses can be either IPv4 or IPv6 and accepts range and bitmask range formats.	list(string)	[]	no
custom_actions	Map of Logic App Custom Actions.	map(string)	{}	no
custom_triggers	Map of Custom Triggers.	map(object({ body = string }))	{}	no
disable_sas_auth_schema	This will create an condition on Http Triggers to enable the request be only from Microsoft Entra ID. Only Supports HTTP Triggers Configured via Custom Triggers and only makes sense when authentication_policies are configured.	bool	false	no
enabled	Is the Logic App enabled? Defaults to true	bool	true	no
http_triggers	Map of Logic App HTTP Triggers.	map(object({ schema = string method = optional(string, null) relative_path = optional(string, null) }))	{}	no
identity_ids	Specifies a list of User Assigned Managed Identity IDs to be assigned to this Logic App.	list(string)	[]	no
identity_type	Specifies the type of Managed Service Identity that should be associated with this Logic App.	string	null	no
integration_service_environment_id	The ID of the Integration Service Environment to which this Logic App Workflow belongs. Changing this forces a new Logic App Workflow to be created.	string	null	no
location	Specifies the Azure Region where the logic app should exists. Changing this forces a new resource to be created.	string	n/a	yes
logic_app_integration_account_id	The ID of the integration account linked by this Logic App Workflow.	string	null	no
name	Specifies the name of the Logic App. Changing this forces a new resource to be created.	string	n/a	yes
parameters	A map of Key-Value pairs. Any parameters specified must exist in the Schema defined in workflow_parameters.	map(any)	{}	no
recurrence_triggers	Map of Logic App Recurrence Triggers.	map(object({ frequency = string interval = number start_time = optional(string, null) time_zone = optional(string, null) at_these_minutes = optional(list(number), []) at_these_hours = optional(list(number), []) on_these_days = optional(list(string), []) }))	{}	no
resource_group_name	Specifies the name of the Resource Group where the logic should exists. Changing this forces a new resource to be created.	string	n/a	yes
tags	A map of tags to assign to resources.	map(string)	{}	no
triggers_allowed_caller_ip_address_range	Restrict calls to triggers in this logic app to the provided IP ranges. IP addresses can be either IPv4 or IPv6 and accepts range and bitmask range formats.	list(string)	[]	no
workflow_management_allowed_caller_ip_address_range	Restrict workflow management in this logic app to the provided IP ranges. IP addresses can be either IPv4 or IPv6 and accepts range and bitmask range formats.	list(string)	[]	no
workflow_parameters	Specifies a map of Key-Value pairs of the Parameter Definitions to use for this Logic App Workflow. The key is the parameter name, and the value is a JSON encoded string of the parameter definition (see: https://docs.microsoft.com/azure/logic-apps/logic-apps-workflow-definition-language#parameters).	map(object({ type = string defaultValue = any allowedValues = optional(list(string), []) metadata = optional(object({ description = optional(string, null) }), {}) }))	{}	no
workflow_schema	Specifies the Schema to use for this Logic App Workflow. Defaults to https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#	string	"https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#"	no
workflow_version	Specifies the version of the Schema used for this Logic App Workflow. Defaults to 1.0.0.0. Changing this forces a new resource to be created.	string	"1.0.0.0"	no

Outputs

Name	Description
access_endpoint	The Access Endpoint for the Logic App Workflow.
connector_endpoint_ip_addresses	The list of access endpoint IP addresses of connector for the Logic App Workflow.
connector_outbound_ip_addresses	The list of outgoing IP addresses of connector for the Logic App Workflow.
custom_triggers	Logic App Custom Triggers.
http_triggers	Logic App Http Triggers.
id	The Logic App ID.
identity	Logic App Identity
recurrence_triggers	Logic App Recurrence Triggers.
workflow_endpoint_ip_addresses	The list of access endpoint IP addresses of workflow for the Logic App Workflow.
workflow_outbound_ip_addresses	The list of outgoing IP addresses of workflow for the Logic App Workflow.

License

Apache 2 Licensed. See LICENSE for full details.