Azure Logic Apps Standard: Using Access Policies to Secure Shared API Connections
Enterprise integration platforms built on Azure Logic Apps Standard often require multiple Logic Apps within the same resource group to share managed API connections, such as Office 365 or SFTP connectors. Provisioning separate connections for each Logic App increases maintenance overhead, while unrestricted sharing poses security risks. Microsoft's recommended solution combines API Connection Access Policies with Managed Identity, allowing each shared connection to be provisioned once while controlling which Logic App can authenticate to it at the ARM level. Each Logic App is assigned its own system-assigned Managed Identity, and access policies are attached as child resources to specific connections, ensuring that only authorised Logic Apps can use them at runtime. Connections are deployed idempotently via Bicep as a shared infrastructure step, decoupled from individual Logic App deployments.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in