Azure Logic Apps - unsung heroes of automation?

Logic Apps are a low code service that allows automation of specific tasks in a robust, secure and scalable manner. Although they are easy to get started with and flexible to maintain, do think about architecture, security and governance when rolling them out in your IT landscape.

Although arguably better than other, coded, solutions for specific automation tasks, experience is key for a secure and maintainable architecture. Make sure the team has ample knowledge and experience to prevent some pitfalls from the start.

With some basic guidance, Logic Apps will make your automation tasks a lot easier, less dependent on dedicated infrastructure, code and specific technical knowledge, and in that sense cheaper to run and operate.

What are Logic Apps

Logic Apps is a low code solution that allows (citizen) developers to create automation tasks. These tasks can be based on lots of different types of "triggers" and perform actions based on input from this trigger or input retrieved in the Logic App workflow.

The technology is part of Azure Integration Services, and as such Logic Apps are often used to perform integration actions (copy files/information, transform data), but they can also be used natively to perform more complex actions or, e.g., send an email based on a trigger.

Historically, the Microsoft integration services were part of a platform called BizTalk, which is now being phased out by Microsoft and will go out of support in 2028, although it is still in use by a lot of companies. What BizTalk used to be is now a set of Azure services that complement each other to provide the same or similar functionality.

Because a Logic App is a low code solution, the primary means to create a Logic App is to use the Designer in the Azure portal, but for tech savvy people it is possible to edit the underlying configuration directly, for example in the VSCode development environment.

That said, Logic Apps are a design-first solution and most people create them visually before exporting the code for, e.g., version management.

Closely related to Logic Apps is the Microsoft Office Power Automate platform, which is essentially an end user front end for Logic Apps within the M365 workspace. The biggest aspect to keep in mind here is that a Power Automate workflow runs in the userspace of an Office license and as such is linked to a specific Office/M365 account, while a Logic App runs in Azure as a service, independent of any user.

How to use Logic Apps

When you want to automate a clearcut scenario, Logic Apps really shine. Examples are copying or converting a file when it is stored in a certain location, or transforming data such as CSV to JSON. In more complex transformation scenarios you could use Azure Data Factory as an orchestration tool and do the brunt of the transformation work in Logic Apps. You'll notice a sharp drop in costs!

During development you can easily drag and drop steps into your flow, and the Azure portal supports providing test data to verify the working of your Logic App. This makes creating a workflow almost child's play.

One thing to consider is that Logic Apps are either stateless or stateful. The key difference is performance (costs): stateless Logic Apps are a lot more performant and will in that sense scale much better for a lower cost. What I would advise, though, is to use stateful Logic Apps as much as possible, for the simple reason that they are a lot easier to maintain because you can see the execution details of each run. When investigating problems this will help you trace any issue. For stateless Logic Apps you can enable logging on an ad hoc basis, but you'll notice you would want to see the details of a run only after the event. So unless you can, e.g., replicate a failed run, it's easier to have the logs in detail by default.

Why to use Logic Apps

The biggest benefit is that Logic Apps provide you with an easy to use, low code environment to run robust enterprise-level automation tasks. It's easy to start using Logic Apps and the learning curve is low. In terms of stability and availability, I've never noticed any issues except for with dependent systems. If, e.g., your source file storage environment is down, any Logic Apps depending on it will obviously fail. So in terms of your SLA expectations, always consider that the availability percentage of your environment is the product of the availability percentages of all used environments: (availability1 * availability2 * availabilityX) / 100.

Maintaining your Logic Apps is extremely easy, especially if you use the stateful variant that logs all the details of every step in the flow. Debugging has never been so easy!

Costs

Costs are based on a pay-per-use model, especially if you use the Consumption plan. Do consider that in production scenarios you likely need the Standard plan, which includes additional (security) features. In general, Logic Apps are a cheap solution for automation tasks.

https://azure.microsoft.com/en-us/pricing/details/logic-apps/#pricing

Pitfalls

As often with easy to use tools, the biggest pitfall is to exceed the intended use case. Logic Apps provide a lot of capabilities to perform, e.g., complex transformations using IF/THEN/ELSE flows or CASE flows. The complexity rises, though, with the added potential paths through the Logic App. With every potential path, the difficulty doubles and testing all the scenarios becomes really complex. The takeaway here is to keep your Logic App simple and straightforward and let it focus on one task. If needed you can always split a Logic App into multiple ones to keep the logic understandable and testable.

Also consider using a DTAP model to separate the development, testing and production environments. Unfortunately, the Logic App platform does not support versioning in the same way as, e.g., a Power App manages new versions of your app. This means you will have to set up source control and export the Logic App JSON configuration to that. It's one extra step but should not be a big inconvenience. You could use Bicep to automate your IaC through a DevOps pipeline, including the Logic App deployment. One thing to think about is that you likely would want to have 4 Logic Apps (one for each DTAP environment) so you can continue your development and testing without impacting production.

Securing your Logic Apps

One of the key underestimated aspects of Azure development is security. Although Microsoft gives this the right amount of attention in their training and, e.g., reference architectures, it is often neglected in the Getting Started and Pricing Calculator webpages of Microsoft. I would certainly suggest a Security By Design approach that contains a proper evaluation of the attack surface and potential hazards. This does not mean you always have to go all-in, but do consider that there is more to setting up a Logic App than just clicking next-next-finish.

An example is to never store any authentication details in your Logic App. Microsoft provides an integration with the Azure Key Vault to securely store and manage your sensitive information.

As people accustomed to the Azure portal know, Microsoft provides a fine-grained authorization model to control the various management tasks for, e.g., Logic Apps.

For triggering the Logic App, however, there is no real authorization model; this depends mostly on the authentication. The most commonly used way is to use API keys, so you can grant rights to run a Logic App and pass the key as a URL parameter. A better way is to use either certificates or managed identities to perform the authentication.

https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#authentication-types-supported-triggers-actions

On a networking level it is key to use VNETs for your Logic Apps, especially if you are using Storage Accounts or other resources that contain sensitive data. What you could do is make the Logic App and related resources part of a VNET and disable any public access. Then you could allow access to the Logic App through a Private Link (within your internal network) and set up an IP filter.

An alternative is to use Azure API Management to expose your private Logic App and perform the authentication there. Do be aware that to use VNETs you will need to move from a Consumption plan to a Standard plan, and this means re-creating the Logic App.

A final note on this topic: although a stateful Logic App provides extremely helpful tools to log and view all details from runs, make sure to redact any information that you do not want to be visible, e.g. personal details. Logic Apps allow you to easily configure what information you want to redact, but you do have to think about it.
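The advice above (no authentication details stored in the Logic App, and run history redacted for sensitive steps) can be checked automatically on the workflow JSON you export to source control. The following is an added example, not Microsoft's or the author's code: it walks the "actions" of a workflow definition, flags literal secrets in an action's authentication block, and flags actions you name as sensitive that do not secure their inputs and outputs through runtimeConfiguration.secureData. The sample definition, its action names and URLs are constructed for illustration.

```python
# Authentication fields that carry secret material in "inputs.authentication"
# (Basic, ClientCertificate, ActiveDirectoryOAuth and Raw authentication).
SECRET_FIELDS = {"password", "secret", "pfx", "value"}

def walk_actions(actions):
    """Yield (name, action) for every action, including nested ones."""
    for name, action in (actions or {}).items():
        yield name, action
        yield from walk_actions(action.get("actions"))                    # Scope, If, Foreach, Until
        yield from walk_actions(action.get("else", {}).get("actions"))    # If: false branch
        for case in action.get("cases", {}).values():                     # Switch: each case
            yield from walk_actions(case.get("actions"))
        yield from walk_actions(action.get("default", {}).get("actions")) # Switch: default

def is_literal(value):
    """True for a plain string; False for an @expression such as @parameters('x')."""
    if not isinstance(value, str) or value == "":
        return False
    return not value.startswith("@") or value.startswith("@@")  # "@@" escapes a literal "@"

def audit(definition, sensitive_actions=()):
    """Return (action name, finding) tuples for one workflow definition."""
    findings = []
    for name, action in walk_actions(definition.get("actions")):
        inputs = action.get("inputs")
        auth = inputs.get("authentication", {}) if isinstance(inputs, dict) else {}
        if isinstance(auth, dict):
            for field in sorted(auth.keys() & SECRET_FIELDS):
                if is_literal(auth[field]):
                    findings.append((name, f"literal authentication.{field}"))
        if name in sensitive_actions:  # caller decides which steps touch sensitive data
            secured = action.get("runtimeConfiguration", {}).get("secureData", {}).get("properties", [])
            findings += [(name, f"{p} not secured") for p in ("inputs", "outputs") if p not in secured]
    return findings

# Constructed sample definition (not taken from a real workflow).
SAMPLE = {"actions": {
    "Call_backend": {"type": "Http", "inputs": {"method": "GET", "uri": "https://backend.example/api",
        "authentication": {"type": "Basic", "username": "svc", "password": "example-password"}}},
    "Check": {"type": "If", "actions": {}, "else": {"actions": {
        "Get_customer": {"type": "Http", "inputs": {"method": "GET", "uri": "https://backend.example/customer",
            "authentication": {"type": "ManagedServiceIdentity", "audience": "https://backend.example"}}}}}},
    "Get_token": {"type": "Http", "inputs": {"method": "POST", "uri": "https://backend.example/token",
        "authentication": {"type": "ActiveDirectoryOAuth", "secret": "@parameters('clientSecret')"}},
        "runtimeConfiguration": {"secureData": {"properties": ["inputs", "outputs"]}}}}}

if __name__ == "__main__":
    for finding in audit(SAMPLE, sensitive_actions={"Get_customer", "Get_token"}):
        print(*finding, sep=": ")
```

Run as a pipeline step against each exported definition, a non-empty result can fail the build before the workflow reaches the next DTAP stage.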

Closing thoughts

I'm a big fan of Logic Apps when applied in the right scenario and in the right architecture. They are cheap to run, provide a lot of features out of the box and are so robust you almost will forget how much you rely on them.

I hope this overview is helpful, and do feel free to contact me with any questions. I'm aware I tried to be concise in this summary, but it is really intended as that: a summary. There are many more details and considerations when designing your Azure architecture, but I do hope this summary gives you some insights to get started with one of the unsung heroes of the Azure ecosystem!

Do you have further pitfalls or considerations when using Logic Apps? Do let me know of any interesting scenarios or implementations you might have done with Logic Apps!

https://learn.microsoft.com/en-us/azure/logic-apps/

https://azure.microsoft.com/en-us/products/category/integration

https://learn.microsoft.com/en-us/azure/azure-functions/functions-compare-logic-apps-ms-flow-webjobs

https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal

Bonus - Write your own workflow designer

For those willing to read this to the end, I do have one very interesting bonus feature. Microsoft provides us with a full-blown API that allows you to programmatically create your own Logic Apps, and with that you could create your own workflow builder for automation tasks. Expand that with custom Triggers and Actions to Feel free to be inspired :-)

https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-definition-language
