question

Nmpatel312 avatar image
0 Votes"
Nmpatel312 asked bhargaviannadevara-msft commented

ARM Template setting for App service to connect(Diagnose and Solve Problem) with Application Insights

Hello,

As title says, Under Diagnose and Solve Problem\Activity and Performance of App Service, I see connect button to connect app service with application insights. I am looking for ARM template settings/powershell commands to automate connection process rather than manually connecting from portal.

similar to : https://azure.github.io/AppService/2020/04/21/Announcing-Application-Insights-Integration-with-App-Service-Diagnostics.html

When enabling from portal, it creates hidden tag with app ID and api key in ARM template. But we are looking for more of general setting.

We have application insights already enabled for app services.

128742-image.png

Thanks in advance.


azure-webapps-monitoring
image.png (23.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Nmpatel312 Thanks for reaching out. I've reached out to our internal teams to check on this and will let you know as I have more details.

0 Votes 0 ·

1 Answer

bhargaviannadevara-msft avatar image
0 Votes"
bhargaviannadevara-msft answered

@Nmpatel312 Thanks for reaching out and apologies for not getting back sooner here.

When enabling from portal, it creates hidden tag with app ID and api key in ARM template. But we are looking for more of general setting.

Yes, this is how the integration works under the hood. As mentioned in the referenced blog post:

When you click Connect, an API key for your Application Insights is generated with read-only access to the telemetry and this API key along with the AppId for the Application Insights resource are stored as a hidden tag in ARM at the Azure App Service app level.

On the App Services side, you should see a new tag created at the app level with the name hidden-related:diagnostics/applicationInsightsSettings. The AppId is stored as is, but the API Key is encrypted using an internal key, so it is kept protected and not left as clear text. Using this information, App Services Diagnostics can query the Application Insights resource and is able to merge both the experiences together.

Coming to your requirement:

I am looking for ARM template settings/powershell commands to automate connection process rather than manually connecting from portal.

Sure, please use the following PowerShell script to integrate Application Insights with App Service Diagnostics programmatically:

# Before running this script, run the following commands from an elevated Powershell console 
# ---------------------------------------------------------------------------------------------
#     Install-Module -Name PowershellGet -Repository PSGallery -Force -AllowClobber
#     Install-Module -Name Az.ApplicationInsights -RequiredVersion 1.0.3
#     Install-Module -Name Az.Resources

# IMPORTANT
# ==========
# Make sure the machine does not have any AzureRM version of commands installed. If it has run the following
#     Uninstall-Module -Name AzureRm -AllVersions -Force

# Both Application Insights and Azure Web App should be in same subscription
$subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"   

# Website on which AppInsights integration should be enabled
$siteName = "AppServiceDiagnosticsApp"
$siteResourceGroup = "AppServiceDiagnostics-RG"

# AppInsights resource which should be integrated with
$appinsightsName = "AppServiceDiagnosticsAppAI"
$appinsightsResourceGroup = "AppServiceDiagnostics-RG" 

Connect-AzAccount | Out-Null
Set-AzContext -Subscription $subscriptionId  | Out-Null

$appInsightsKeyName = "APPSERVICEDIAGNOSTICS_READONLYKEY_$siteName_" + (get-date).ticks
$permissions = @("ReadTelemetry")

$token = Get-AzAccessToken
"Got Access Token"

try
{
    $newApiKey = New-AzApplicationInsightsApiKey -ResourceGroupName $appinsightsResourceGroup -Name $appinsightsName -Permissions $permissions -Description $appInsightsKeyName -ErrorAction Stop
    $appInsights = Get-AzApplicationInsights -ResourceGroupName $appinsightsResourceGroup -Name $appinsightsName

    "Got App Insights Resource"

    $headers = @{
        "Authorization"="Bearer $token"; 
        "Accept"="application/json"; 
        "appinsights-key"=$newApiKey.ApiKey
    }

    $keyAfterEncryption = Invoke-RestMethod -Uri https://appservice-diagnostics.azurefd.net/api/appinsights/encryptkey -Headers $headers -ContentType 'application/json' -ErrorAction Stop

    "Generated Encryption Key"

    $webSiteResource = Get-AzResource -Name $siteName -ResourceGroup $siteResourceGroup -ResourceType "Microsoft.Web/sites" -ErrorAction Stop

    "Got Website resource"

    $applicationInsightsSettingsTag = @{"ApiKey"=$keyAfterEncryption;"AppId"= $appInsights.AppId}
    $tagValue = $applicationInsightsSettingsTag | ConvertTo-Json -Compress
    $tags = @{"hidden-related:diagnostics/applicationInsightsSettings"= $tagValue}

    "Updating Website resource tag..."

    Update-AzTag -ResourceId $webSiteResource.id -Tag $tags -Operation Merge -ErrorAction Stop | Out-Null

    "AppInsights Integration configured successfully!"
}
catch 
{
    Write-Host "An error occurred:"
    Write-Host $_
}

This should help you simulate the integration as done from the Azure Portal.

Hope this helps. Do let us know if you have further questions.



If an answer is helpful, please "Accept answer" and/or "Up-Vote" which might help other community members reading this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.