1. Using azure-native insights with managedidentity

    TypeScript

    If you're looking to use Azure Monitor Application Insights with managed identities in Azure, you will need to first create an instance of Application Insights. Managed identities in Azure provide an identity for your application to use when connecting to resources that support Azure AD authentication, without needing to manage credentials.

    Let's go over how a Pulumi program using the azure-native provider could provision an Application Insights component with managed identity enabled. First, we need to ensure that we have installed the necessary Pulumi packages. You can install the azure-native provider using the following command:

    pulumi plugin install resource azure-native 2.11.0

    Now let's explore the program. We will start by importing the required packages. Then we'll create a resource group which is a container that holds related resources for an Azure solution. After that, we'll define an Application Insights component within that group. Here's how you can do it:

    import * as pulumi from "@pulumi/pulumi"; import * as azure_native from "@pulumi/azure-native"; // Create a new resource group to contain the Application Insights component const resourceGroup = new azure_native.resources.ResourceGroup("resourceGroup"); // Create an Application Insights component with a system-assigned managed identity const appInsightsComponent = new azure_native.insights.Component("appInsightsComponent", { resourceGroupName: resourceGroup.name, kind: "web", applicationType: "web", // Location is required and should be set to the region that supports Application Insights location: "East US", // Ensure the location is supported for Application Insights in your subscription // Enabling system-assigned managed identity identity: { type: "SystemAssigned", }, }, { parent: resourceGroup }); // Export the Application Insights Instrumentation Key and the managed identity ID export const instrumentationKey = appInsightsComponent.instrumentationKey; export const managedIdentityId = appInsightsComponent.identity.apply(id => id?.principalId);

    This TypeScript program does the following:

    • Imports the necessary modules from Pulumi.
    • Creates a resource group in which we will place the Application Insights component.
    • Defines an Application Insights component with the required kind and applicationType parameters. The kind is often set to "web" for web applications.
    • Specifies the identity property with the type "SystemAssigned" to enable a system-assigned managed identity.
    • Exports the instrumentationKey of the Application Insights component, which is needed to configure your application for telemetry.
    • Exports the managedIdentityId, which you will use to give your application permissions to other Azure resources via Azure RBAC.

    The appInsightsComponent.identity.apply is a method to extract the managed identity ID from the provisioned resource. It's a common pattern in Pulumi for processing resource outputs asynchronously.

    Remember that managed identities are automatically managed by Azure, and after enabling them, you can assign necessary permissions to the managed identity the same way you would assign roles to users or groups in Azure.

    Save your Pulumi program in a TypeScript (.ts) file, and you can then use the standard Pulumi commands to deploy your stack, which consists of the resource group and Application Insights component:

    pulumi up

    After running this command, Pulumi will show you a preview of the resources that will be created. If everything looks correct, you can proceed, and Pulumi will start provisioning the infrastructure. When complete, it will provide you with the outputs that we've defined.

    Keep in mind that you need to have Pulumi installed and properly setup with Azure credentials to run this program. For more details on the resources used here, you can visit the following documentation:

    By following these patterns, you can further extend your Pulumi program to include other Azure resources, configure monitoring, set up alerts, and much more.