
Design 30: Logic Apps Integration

Summary

This design implements Azure Logic Apps (Standard) for enterprise workflow automation.

Topology: The Logic App is deployed in the Spoke VNet (VNet Integration). This allows it to access private resources (like the SQL DB from Design 21) via the Hub.

1. Key Design Decisions (ADR)

ADR-01: SKU Selection

  • Decision: Logic App Standard.
  • Rationale: Runs on an App Service Plan and supports VNet Integration. The Consumption SKU does not (easily).

ADR-02: Storage

  • Decision: Use Storage Account with Private Endpoint.
  • Rationale: The Logic App needs storage for workflow state, so that storage account must be secured.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  Trigger     |           |        HUB VNet          |           |  SPOKE VNet  |
|  (HTTP Req)  |           |      (DNS Resolver)      |           |  (Logic App) |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Peering)                      |
+------+-------+                        v                                v
|  Logic App   |           +------------+-------------+           +------+-------+
|  (Workflow)  |---------->| Private DNS Zone         |<----------|  SQL DB      |
+------+-------+           | (privatelink.database)   |           |  (Private)   |
       |                   +--------------------------+           +------+-------+
       |                                                                 ^
       |                                                                 |
       +--------------------(VNet Integration)---------------------------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | Private DNS Zone      |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Peering)                                             |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-logic-spoke (10.1.0.0/16)                            |
|   +-----------------------+       +-----------------------+           |
|   | Subnet: Integration   |       | Subnet: PrivateLink   |           |
|   | (Delegated)           |       | [SQL Private Endpoint]|           |
|   | [Logic App]           |------>| (10.1.1.5)            |           |
|   +-----------------------+       +-----------|-----------+           |
+-----------------------------------------------|-----------------------+
                                                |
                                                v
                                    +-----------------------+
                                    | Workflow Storage      |
                                    | (State)               |
                                    +-----------------------+

                                      |
                                      | (Geo-Redundant Storage)
                                      v

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR SPOKE VNet                                                         |
|   +-----------------------+                                           |
|   | Logic App (Standby)   |                                           |
|   | (Disabled)            |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • VNet Integration: Allows the PaaS Logic App to send traffic *into* the VNet.

5. Strategy: High Availability (HA)

  • SLA: 99.9%.
  • Plan: Use WS1 (Workflow Standard 1) plan.

6. Strategy: Disaster Recovery (DR)

  • Implementation: Active-Passive.
  • Process:

    * Deploy a second Logic App in West US.

    * Leave it disabled.

    * In a disaster, enable it. (Note: Running instances in East US will fail.)

7. Strategy: Backup

  • Code: Logic Apps are JSON. Store in Git.
  • State: Stored in Azure Storage.

8. Strategy: Security

  • Access: Secure the HTTP Trigger using OAuth or SAS keys.
  • Network: Enable "Private Endpoints" for inbound traffic to the Logic App itself.

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: High.
  • Cost Optimization: Medium. Standard plan costs ~$150/mo. Good for high throughput.
  • Operational Excellence: High. Visual designer + Code view.
  • Performance Efficiency: High.

10. Detailed Traffic Flow

1. Trigger: HTTP Request received.

2. Action: "Insert Row in SQL".

3. Routing: Logic App uses VNet Integration to enter vnet-logic-spoke.

4. DNS: Resolves SQL hostname via Hub.

5. Connect: Connects to SQL Private IP 10.1.1.5.

6. Execute: Inserts row.
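
Steps 4 and 5 only hold if the SQL hostname resolves through the privatelink zone to an address inside the spoke; otherwise the name falls back to a public address. The check below is an added example, not part of the original design: the function name, the `SAMPLES` answer chains and the `gateway.constructed.example` name are constructed, and each chain is assumed to be the CNAME/A answers from a resolver query made from the Logic App's network path.

```python
import ipaddress

# Values taken from the design: spoke address space and the Private Link zone for Azure SQL.
SPOKE_RANGE = ipaddress.ip_network("10.1.0.0/16")
PRIVATELINK_SUFFIX = ".privatelink.database.windows.net"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_resolution(chain, spoke=SPOKE_RANGE):
    """Judge one DNS answer chain for the SQL hostname.

    chain is a list of (record_type, value) tuples in answer order, i.e. the
    CNAME and A records a resolver returns. Returns (verdict, reason).
    """
    cnames = [v.rstrip(".").lower() for t, v in chain if t == "CNAME"]
    addrs = [ipaddress.ip_address(v) for t, v in chain if t == "A"]
    if not addrs:
        return "fail", "no A record: hostname does not resolve"
    public = [a for a in addrs if not any(a in net for net in RFC1918)]
    if public:
        # Typical when the privatelink zone is not reachable through the Hub:
        # the name falls back to the service's public endpoint.
        return "fail", f"public address {public[0]}: private DNS zone not in the resolution path"
    outside = [a for a in addrs if a not in spoke]
    if outside:
        return "warn", f"{outside[0]} is private but outside {spoke}"
    if not any(n.endswith(PRIVATELINK_SUFFIX) for n in cnames):
        return "warn", "private address without a privatelink CNAME: check for an override record"
    return "ok", f"{addrs[0]} via privatelink zone"


# Constructed sample answers (not captured from a real environment).
SAMPLES = {
    "expected": [("CNAME", "sql-corp-prod.privatelink.database.windows.net."),
                 ("A", "10.1.1.5")],
    "public_fallback": [("CNAME", "sql-corp-prod.privatelink.database.windows.net."),
                        ("CNAME", "gateway.constructed.example."),
                        ("A", "203.0.113.10")],
    "wrong_vnet": [("CNAME", "sql-corp-prod.privatelink.database.windows.net."),
                   ("A", "10.9.0.4")],
    "override": [("A", "10.1.1.5")],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, *classify_resolution(chain))
```

A "fail" on the public-fallback case means the workflow's SQL connection would leave the private path, so treat it as a deployment blocker rather than a warning.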

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Spoke VNet

1. Search: "Virtual networks" -> + Create.

2. Resource Group: rg-logic-spoke.

3. Name: vnet-logic-spoke.

4. Region: East US.

5. Subnets:

* snet-integration: 10.1.1.0/24.

* snet-privatelink: 10.1.2.0/24.

6. Create.

7. Delegate Subnet:

* Go to snet-integration.

* Subnet delegation: Select Microsoft.Web/serverFarms.

* Save.

Phase 2: Peer to Hub

1. Go to vnet-logic-spoke -> Peerings -> + Add.

2. Remote VNet: vnet-hub.

3. Add.

Phase 3: Create Logic App (Standard)

1. Search: "Logic Apps" -> + Create.

2. Resource Group: rg-logic-spoke.

3. Logic App name: logic-corp-prod-[uniqueid].

4. Publish: Workflow.

5. Region: East US.

6. Plan type: Standard (Required for VNet Integration).

7. Windows Plan: Create new asp-logic-prod.

8. Storage: Create new stlogicapp[uniqueid].

9. Review + create -> Create.

Phase 4: Configure Networking

1. Go to the new Logic App.

2. Networking (Left Menu).

3. Outbound traffic -> VNet integration.

4. Add VNet.

5. Virtual Network: vnet-logic-spoke.

6. Subnet: snet-integration.

7. Connect.

* *Now the Logic App can reach Private IPs in the VNet and Hub.*

Phase 5: Create Workflow

1. Workflows (Left Menu) -> + Add.

2. Name: Flow1.

3. State type: Stateful.

4. Create.

5. Click Flow1 -> Designer.

6. Add Trigger: Request -> When a HTTP request is received.

7. Add Action: SQL Server -> Execute a SQL query (V2).

* Connection:

  * Server name: sql-corp-prod.database.windows.net (From Design 21).

  * Auth: SQL Server Authentication.

  * User/Pass: sqladmin / SuperSecret123!.

  * Gateway: None (Connect directly via VNet).

* Query: SELECT * FROM Users.

8. Save.

Phase 6: Test

1. Copy the HTTP POST URL from the Trigger.

2. Use Postman or curl to send a POST request.

3. Check Run History. It should show "Succeeded" and return SQL data.