Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
404 views
in Technique[技术] by (71.8m points)

azure - ARM template for Event Grid API Connection with managed identity

When creating a new Event Grid connection from a Logic App, one can select from the following 3 authentication methods for the connection:

  1. Sign in
  2. Service principal
  3. Managed identity

#1 Sign in requires a user to sign in / authenticate interactively.

#2 Service principal requires Tenant, Client ID, and Client Secret values to be provided.

It is clear how an ARM template for such an API connection would need to be amended: the parameterValues need to be added as follows.

"parameterValues": {
  "token:clientId": "[parameters('ConnectionClientId')]",
  "token:clientSecret": "[parameters('ConnectionClientSecret')]",
  "token:TenantId": "[parameters('ConnectionTenantId')]",
  "token:resourceUri": "https://management.core.windows.net/",
  "token:grantType": "client_credentials"
}

#3 Managed identity requires only the managed identity to be selected. While it is clear how to create such an API connection interactively, I couldn't find any information on the ARM template format for such an authentication method.

So the question is: what exactly should an ARM template for an Event Grid connection with managed identity look like, so that the created API connection looks as follows:

[Image: API Connection with managed identity]

question from:https://stackoverflow.com/questions/65915994/arm-template-for-event-grid-api-connection-with-managed-identity


1 Reply

0 votes
by (71.8m points)

The answer seems to be, at the moment, seeing as this is still in preview (afaik)

To create a managed identity API connection using ARM templates, you need to include "parameterValueType": "Alternative":

"properties": {
  "displayName": "ARM API connection",
  "customParameterValues": {},
  "parameterValueType": "Alternative",
  "api": {
    "id": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/arm')]"
  }
}

I've found no documentation of this property. The only reason I found out was by looking at the raw JSON (JSON view) of an API connection I created using the portal.
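
Added example, not part of the original question or answer: a small Python check that classifies each `Microsoft.Web/connections` resource in an ARM template by the two shapes shown above (`token:clientSecret` in `parameterValues` versus `"parameterValueType": "Alternative"`) and flags service-principal connections whose secret is a literal or comes from a parameter that is not `securestring`. The sample template, its resource names and the literal value are constructed; treating `Alternative` as managed identity rests on the answer's observation.

```python
import re

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$", re.IGNORECASE)

def classify_connection(resource, params):
    """Return (auth_kind, findings) for one Microsoft.Web/connections resource."""
    props = resource.get("properties", {})
    if props.get("parameterValueType") == "Alternative":
        return "managed-identity", []          # no credential stored in the template
    secret = props.get("parameterValues", {}).get("token:clientSecret")
    if secret is None:
        return "interactive-or-other", []      # e.g. "Sign in", authorized after deployment
    ref = PARAM_REF.match(str(secret))
    if not ref:
        return "service-principal", ["client secret is a literal in the template"]
    findings = []
    # ARM parameter names are case-insensitive, so compare lowercased.
    decl = {k.lower(): v for k, v in params.items()}.get(ref.group(1).lower(), {})
    if decl.get("type", "").lower() != "securestring":
        findings.append(f"parameter {ref.group(1)} is not of type securestring")
    if "defaultValue" in decl:
        findings.append(f"parameter {ref.group(1)} has a defaultValue")
    return "service-principal", findings

def audit_template(template):
    """Map each API connection name to its (auth_kind, findings)."""
    params = template.get("parameters", {})
    return {r.get("name"): classify_connection(r, params)
            for r in template.get("resources", [])
            if r.get("type", "").lower() == "microsoft.web/connections"}

# Constructed sample template: resource names and the literal value are made up.
SAMPLE = {
    "parameters": {"ConnectionClientSecret": {"type": "string"}},
    "resources": [
        {"type": "Microsoft.Web/connections", "name": "eg-sp", "properties": {
            "parameterValues": {
                "token:clientSecret": "[parameters('ConnectionClientSecret')]",
                "token:grantType": "client_credentials"}}},
        {"type": "Microsoft.Web/connections", "name": "eg-mi", "properties": {
            "parameterValueType": "Alternative", "customParameterValues": {}}},
        {"type": "Microsoft.Web/connections", "name": "eg-literal", "properties": {
            "parameterValues": {"token:clientSecret": "constructed-placeholder"}}},
    ],
}

if __name__ == "__main__":
    for name, (kind, findings) in audit_template(SAMPLE).items():
        print(name, kind, findings or "ok")
```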

