How To Self Destruct Azure Resource Groups with Alert and Logic App

I was reading a blog post by Mark Heath on This resource group will self destruct in 30 minutes which leverages an open source Azure CLI extension to automatically delete resource groups.  This extension accomplishes the deletion by scheduling a logic app in the same resource group.  I was curious if I could accomplish the same effect without the need to leverage the Azure CLI (i.e. for any resource group created via portal, PowerShell, etc.)  In this post I’ll show how to configure a “self destruct” mechanism using an Azure Alert and a Logic App.

Solution

Here are the high level steps to follow.

  1. Create Resource Group – Create resource group will host the subsequent resources
  2. Create Logic App – Create logic app to trigger on Azure Activity Log HTTP request (will fill out more later)
  3. Activity Log alert – Create Azure Activity Log alert to trigger logic app
  4. Trigger Alert – Create resource group which triggers Activity Log alert and consequently logic app
  5. Gather JSON schema – Get JSON schema for HTTP request sent to logic app
  6. Finalize Logic App – Add JSON schema from alert HTTP request and action to remove resource group to logic app

1) Create Resource Group

If you don’t already have one, create a resource group to host the resources for the self destruct solution.

2) Create Logic App

Create a logic app in the resource group from previous step.  Add a trigger for When a HTTP request is received.  We will not fill out any of the details for the trigger at this time.  Click Save.

AzureRGSelfDestruct8.jpg

3) Activity Log alert

Navigate to Azure Monitor (can search from the top search bar or go through All Services) for the subscription where the solution will be deployed.

AzureRGSelfDestruct10.jpg

Click Alerts on the left hand navigation.  Click New Alert Rule.

AzureRGSelfDestruct11

Define the resource to be monitored:

  • Resource:
  • Condition:
    • Signal Type: Activity Log
    • Monitor Service: Activity Log – Administrative
    • Signal Name: Create Resource Group (subscriptions/resourceGroups)
    • Alert Logic – Status: Succeeded
  • Action Groups:
    • Action Group Name: SelfDestructResourceGroup
    • Short Name: SelfDestruct
    • Subscription:
    • Resource Group:
    • Action Group Action: LogicApp
      • Subscription:
      • Resource Group:
      • Logic App:
AzureRGSelfDestruct2.jpg
Condition – configure signal logic part 1
AzureRGSelfDestruct3.jpg
Condition – configure signal logic part 2
AzureRGSelfDestruct13
Create new alert action group with a logic app action
AzureRGSelfDestruct4.jpg
Create a new alert action to go in action group
AzureRGSelfDestruct5.jpg
Overview screenshot for rule creation

4) Trigger Alert

Create a new resource group that will then trigger the alert defined in step 3 and consequently fire the HTTP trigger for the logic app defined in step 2.

5) Gather JSON Schema

Navigate to the logic app defined in step 2.  Assuming the logic app was successfully triggered, under Run history select the successful logic app execution.  On the “logic app run” screen expand the trigger and click on Show raw outputs.

AzureRGSelfDestruct14

Save this JSON for use in the next step.  If you are unable to collect this JSON schema you can use the sample below which is already coverted to the final format needed.

Note: the resoureceGroupName element is buried many levels deep.  We will query for this when needed.

{
“properties”: {
“body”: {
“properties”: {
“data”: {
“properties”: {
“context”: {
“properties”: {
“activityLog”: {
“properties”: {
“authorization”: {
“properties”: {
“action”: {
“type”: “string”
},
“scope”: {
“type”: “string”
}
},
“type”: “object”
},
“caller”: {
“type”: “string”
},
“channels”: {
“type”: “string”
},
“claims”: {
“type”: “string”
},
“correlationId”: {
“type”: “string”
},
“description”: {
“type”: “string”
},
“eventDataId”: {
“type”: “string”
},
“eventSource”: {
“type”: “string”
},
“eventTimestamp”: {
“type”: “string”
},
“httpRequest”: {
“type”: “string”
},
“level”: {
“type”: “string”
},
“operationId”: {
“type”: “string”
},
“operationName”: {
“type”: “string”
},
“properties”: {
“properties”: {
“responseBody”: {
“type”: “string”
},
“serviceRequestId”: {},
“statusCode”: {
“type”: “string”
}
},
“type”: “object”
},
“resourceGroupName”: {
“type”: “string”
},
“resourceId”: {
“type”: “string”
},
“resourceProviderName”: {
“type”: “string”
},
“resourceType”: {
“type”: “string”
},
“status”: {
“type”: “string”
},
“subStatus”: {
“type”: “string”
},
“submissionTimestamp”: {
“type”: “string”
},
“subscriptionId”: {
“type”: “string”
}
},
“type”: “object”
}
},
“type”: “object”
},
“properties”: {
“properties”: {},
“type”: “object”
},
“status”: {
“type”: “string”
}
},
“type”: “object”
},
“schemaId”: {
“type”: “string”
}
},
“type”: “object”
},
“headers”: {
“properties”: {
“Connection”: {
“type”: “string”
},
“Content-Length”: {
“type”: “string”
},
“Content-Type”: {
“type”: “string”
},
“Expect”: {
“type”: “string”
},
“Host”: {
“type”: “string”
},
“User-Agent”: {
“type”: “string”
},
“X-CorrelationContext”: {
“type”: “string”
}
},
“type”: “object”
}
},
“type”: “object”
}

6) Finalize Logic App

Edit the Logic App.

Inside the HTTP request trigger either…

  • click “sample payload to generate schema” paste in your sample JSON payload from step 5.

-or-

  • paste the sample I provided into the Schema input.

Next add an action for Delete a resource group (currently in preview at time of writing).

AzureRGSelfDestruct12

Fill in the following values:

  • Subscription:
  • Resource Group: Expression = “triggerBody().data.context.activityLog.resourceGroupName”

AzureRGSelfDestruct7.jpg

The final logic app will look similar to the following:

AzureRGSelfDestruct6.jpg

Test Solution

Test out the solution by adding a new resource group to the monitored subscription.  Check the Azure Monitor alerts to see if the Activity Log entry for successful resource group creation triggered the Logic App.

AzureRGSelfDestruct16

Then verify the logic app execution history shows the resource group deletion was successful.

AzureRGSelfDestruct15

Next steps

More than likely you will not want to delete the resource group right after you create it.  In that case you can add a Delay action which pauses the logic app for a specified number of minutes (ex. 60 minutes).  Additionally you could apply conditional logic to check if the name of the resource group matches (or doesn’t match) a specific pattern.  There are many additions you can add to personalize this solution to your needs.

Conclusion

In this post I walked through an adaptation of the Azure CLI extension that Mark Heath linked to.  We leveraged an Azure Monitor alert together with a logic app to provide an option to self destruct any resource group no matter where or how it was created.  If you have any feedback or additional suggestions feel free to leave them in the comments.

-Frog Out

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s