I was reading a blog post by Mark Heath on This resource group will self destruct in 30 minutes which leverages an open source Azure CLI extension to automatically delete resource groups. This extension accomplishes the deletion by scheduling a logic app in the same resource group. I was curious if I could accomplish the same effect without the need to leverage the Azure CLI (i.e. for any resource group created via portal, PowerShell, etc.) In this post I’ll show how to configure a “self destruct” mechanism using an Azure Alert and a Logic App.
Solution
Here are the high level steps to follow.
- Create Resource Group – Create resource group will host the subsequent resources
- Create Logic App – Create logic app to trigger on Azure Activity Log HTTP request (will fill out more later)
- Activity Log alert – Create Azure Activity Log alert to trigger logic app
- Trigger Alert – Create resource group which triggers Activity Log alert and consequently logic app
- Gather JSON schema – Get JSON schema for HTTP request sent to logic app
- Finalize Logic App – Add JSON schema from alert HTTP request and action to remove resource group to logic app
1) Create Resource Group
If you don’t already have one, create a resource group to host the resources for the self destruct solution.
2) Create Logic App
Create a logic app in the resource group from previous step. Add a trigger for When a HTTP request is received. We will not fill out any of the details for the trigger at this time. Click Save.
3) Activity Log alert
Navigate to Azure Monitor (can search from the top search bar or go through All Services) for the subscription where the solution will be deployed.
Click Alerts on the left hand navigation. Click New Alert Rule.
Define the resource to be monitored:
- Resource:
- Condition:
- Signal Type: Activity Log
- Monitor Service: Activity Log – Administrative
- Signal Name: Create Resource Group (subscriptions/resourceGroups)
- Alert Logic – Status: Succeeded
- Action Groups:
- Action Group Name: SelfDestructResourceGroup
- Short Name: SelfDestruct
- Subscription:
- Resource Group:
- Action Group Action: LogicApp
- Subscription:
- Resource Group:
- Logic App:
4) Trigger Alert
Create a new resource group that will then trigger the alert defined in step 3 and consequently fire the HTTP trigger for the logic app defined in step 2.
5) Gather JSON Schema
Navigate to the logic app defined in step 2. Assuming the logic app was successfully triggered, under Run history select the successful logic app execution. On the “logic app run” screen expand the trigger and click on Show raw outputs.
Save this JSON for use in the next step. If you are unable to collect this JSON schema you can use the sample below which is already coverted to the final format needed.
Note: the resoureceGroupName element is buried many levels deep. We will query for this when needed.
{
“properties”: {
“body”: {
“properties”: {
“data”: {
“properties”: {
“context”: {
“properties”: {
“activityLog”: {
“properties”: {
“authorization”: {
“properties”: {
“action”: {
“type”: “string”
},
“scope”: {
“type”: “string”
}
},
“type”: “object”
},
“caller”: {
“type”: “string”
},
“channels”: {
“type”: “string”
},
“claims”: {
“type”: “string”
},
“correlationId”: {
“type”: “string”
},
“description”: {
“type”: “string”
},
“eventDataId”: {
“type”: “string”
},
“eventSource”: {
“type”: “string”
},
“eventTimestamp”: {
“type”: “string”
},
“httpRequest”: {
“type”: “string”
},
“level”: {
“type”: “string”
},
“operationId”: {
“type”: “string”
},
“operationName”: {
“type”: “string”
},
“properties”: {
“properties”: {
“responseBody”: {
“type”: “string”
},
“serviceRequestId”: {},
“statusCode”: {
“type”: “string”
}
},
“type”: “object”
},
“resourceGroupName”: {
“type”: “string”
},
“resourceId”: {
“type”: “string”
},
“resourceProviderName”: {
“type”: “string”
},
“resourceType”: {
“type”: “string”
},
“status”: {
“type”: “string”
},
“subStatus”: {
“type”: “string”
},
“submissionTimestamp”: {
“type”: “string”
},
“subscriptionId”: {
“type”: “string”
}
},
“type”: “object”
}
},
“type”: “object”
},
“properties”: {
“properties”: {},
“type”: “object”
},
“status”: {
“type”: “string”
}
},
“type”: “object”
},
“schemaId”: {
“type”: “string”
}
},
“type”: “object”
},
“headers”: {
“properties”: {
“Connection”: {
“type”: “string”
},
“Content-Length”: {
“type”: “string”
},
“Content-Type”: {
“type”: “string”
},
“Expect”: {
“type”: “string”
},
“Host”: {
“type”: “string”
},
“User-Agent”: {
“type”: “string”
},
“X-CorrelationContext”: {
“type”: “string”
}
},
“type”: “object”
}
},
“type”: “object”
}
6) Finalize Logic App
Edit the Logic App.
Inside the HTTP request trigger either…
- click “sample payload to generate schema” paste in your sample JSON payload from step 5.
-or-
- paste the sample I provided into the Schema input.
Next add an action for Delete a resource group (currently in preview at time of writing).
Fill in the following values:
- Subscription:
- Resource Group: Expression = “triggerBody().data.context.activityLog.resourceGroupName”
The final logic app will look similar to the following:
Test Solution
Test out the solution by adding a new resource group to the monitored subscription. Check the Azure Monitor alerts to see if the Activity Log entry for successful resource group creation triggered the Logic App.
Then verify the logic app execution history shows the resource group deletion was successful.
Next steps
More than likely you will not want to delete the resource group right after you create it. In that case you can add a Delay action which pauses the logic app for a specified number of minutes (ex. 60 minutes). Additionally you could apply conditional logic to check if the name of the resource group matches (or doesn’t match) a specific pattern. There are many additions you can add to personalize this solution to your needs.
Conclusion
In this post I walked through an adaptation of the Azure CLI extension that Mark Heath linked to. We leveraged an Azure Monitor alert together with a logic app to provide an option to self destruct any resource group no matter where or how it was created. If you have any feedback or additional suggestions feel free to leave them in the comments.
-Frog Out
The Frog Pond of Technology 