Logic app - no permission to query subscription?

Question

Afternoon all

Trying to get a logic app to run a query on a log analytics workspace and email the results on a weekly basis. Created a service principal, and have given it Reader access at Subscriptions level and I'm allowed to create the connection, but when I try to populate the drop down in Designer, it's throwing with an error:

Could not retrieve values. Error executing the api '/listSubscriptions'. Client request id: 'undefined'

As seen here: https://imgur.com/a/CDp1g6L

I was following this guide, and it's failing to populate those list boxes: https://thomasthornton.cloud/2020/11/09/log-analytics-queries-to-csv-emailed-using-azure-logic-apps

Tried temporarily giving it permissions as subscription Owner, same deal. Also the same error with the logic app's own System Managed Identity. Got it to work in a different subscription by using my global admin ID, but I don't want to do that as it's of course dependent on that account and it's way too privileged.

I also tried editing in the correct values in code view, just in case it was only some enumeration error, but the test run fails with:

"Message": "Failed to get valid request parameters. Authorization Error

In my other subscription, I also tried giving the account permissions at the root Tenant level, in case it was purely unable to evaluate all subscriptions, but no joy, same error when using Managed Identities or Service Principals.

I'm at a loss. Any ideas?

Answer 1

Similar Discussion: https://learn.microsoft.com/en-us/answers/questions/263744/trouble-connecting-to-monitor-log-in-logic-app.html