This code accompanies the blog post Saving money with Azure Logic Apps and is provided as is.
To deploy these Logic Apps, you need to create a User Assigned Managed Identity and grant it the necessary permissions to interact with your resources.
-
Clone the repository:
git clone https://github.com/russmckendrick/money-saving-azure-logic-apps.git cd money-saving-azure-logic-apps -
Set Environment Variables:
export RESOURCE_GROUP_NAME="rg-logicapps-automation" export REGION="uksouth" export SUBSCRIPTION_ID=$(az account show --query id --output tsv) export MANAGED_ID_NAME="mi-logicapps-automation" export LOGIC_APP_NAME="la-fabricCapacityPause" # Change as needed
-
Create Resource Group & Managed Identity:
az group create --name $RESOURCE_GROUP_NAME --location $REGION az identity create --resource-group $RESOURCE_GROUP_NAME --name $MANAGED_ID_NAME
-
Assign Roles (Permissions): The Managed Identity needs Reader access to the subscription to list resources, plus specific permissions for the resources it manages.
-
Common (Reader on Subscription):
az role assignment create \ --assignee-principal-type "ServicePrincipal" \ --assignee-object "$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $MANAGED_ID_NAME --query principalId --output tsv)" \ --role "Reader" \ --scope "/subscriptions/$SUBSCRIPTION_ID"
-
For Virtual Machines (Virtual Machine Contributor):
az role assignment create \ --assignee-principal-type "ServicePrincipal" \ --assignee-object "$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $MANAGED_ID_NAME --query principalId --output tsv)" \ --role "Virtual Machine Contributor" \ --scope "/subscriptions/$SUBSCRIPTION_ID"
-
For Fabric Capacities (Contributor): Note: "Fabric Capacity Contributor" or similar specific roles may be preferred if available, but "Contributor" on the resource group is often used for broad automation context.
az role assignment create \ --assignee-principal-type "ServicePrincipal" \ --assignee-object "$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $MANAGED_ID_NAME --query principalId --output tsv)" \ --role "Contributor" \ --scope "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/YOUR_FABRIC_RESOURCE_GROUP"
-
-
Deploy Logic App:
az logic workflow create \ --resource-group $RESOURCE_GROUP_NAME \ --location $REGION \ --name $LOGIC_APP_NAME \ --mi-user-assigned "$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $MANAGED_ID_NAME --query id --output tsv)" \ --state "Disabled" \ --definition "fabricCapacityPause.json"
-
Update Parameters:
# Update Managed Identity ID az logic workflow update \ --resource-group $RESOURCE_GROUP_NAME \ --name $LOGIC_APP_NAME \ --set "definition.parameters.managedId.defaultValue=$(az identity show --resource-group $RESOURCE_GROUP_NAME --name $MANAGED_ID_NAME --query id --output tsv)" # Update Subscription ID az logic workflow update \ --resource-group $RESOURCE_GROUP_NAME \ --name $LOGIC_APP_NAME \ --set "definition.parameters.subscriptionId.defaultValue=$SUBSCRIPTION_ID"