Use Logic Apps To Push to Discord Webhooks
See also CanaryTokens to Sentinel
This is a very helpful tool for formatting the JSON
Here is the basic example. We need the HTTP Webhook connector and the JSON below.
You can also use the generic HTTP connector for a single-fire use case.
```json
{
  "content": "YOUR TEXT",
  "embeds": [
    {
      "title": "<YOUR TEXT>",
      "description": "YOUR TEXT",
      "color": 5814783
    }
  ],
  "attachments": []
}
```
Colour is optional
Store webhooks in Key Vault (Secrets - Get) and use secure inputs in the Logic App to hide the keys between runs.
If you know which key you need to pull, you don't need to assign Secrets - List. This is up to you for convenience.
When creating the secret, use tags to identify Discord and the usage.
You can leverage a Managed Identity and grant it an access policy on the Key Vault. System or user assigned is up to you, as each has pros and cons. If you are building at scale then I'd go User Assigned.
| Assign Managed Identity | Key Vault Access Policy |
|---|---|
My preference remains Access Policy over Azure RBAC I need to more clear
Create the connection from the Logic App by selecting Get secret and switching the drop-down menu to Managed Identity.
Because I don't allow Secrets - List, I need to use Custom Value to add in the secret name. If you added Secrets - List you can just select from the drop-down menu:
| Listing is Forbidden | Use Custom Name |
|---|---|
As I put the entire Discord webhook URL in the Key Vault, this is now what my webhook looks like:
Make sure to lock inputs/outputs from Settings > Security. Otherwise anyone with a playbook operator role in Azure IAM will be able to see the secrets as they are run. Niche but easy to secure.
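One way to check the lock settings described above across an exported workflow definition (an added example, not part of the original post): it reads the code-view JSON and reports Key Vault Get secret actions without secure outputs, plus actions that use the secret without secure inputs. The sample definition, action names and secret name are constructed placeholders.

```python
import json

# Constructed sample: trimmed workflow definition as shown in Logic App code view.
# Action names and the secret name "discord-webhook" are placeholders.
SAMPLE = json.loads("""
{"actions": {
  "Get_secret": {
    "type": "ApiConnection",
    "inputs": {"method": "get",
               "path": "/secrets/@{encodeURIComponent('discord-webhook')}/value"},
    "runtimeConfiguration": {"secureData": {"properties": ["inputs", "outputs"]}}
  },
  "Post_to_Discord": {
    "type": "Http",
    "runAfter": {"Get_secret": ["Succeeded"]},
    "inputs": {"method": "POST", "uri": "@body('Get_secret')?['value']",
               "body": {"content": "YOUR TEXT", "embeds": [], "attachments": []}}
  }
}}
""")

def walk(actions):
    """Yield (name, action) pairs, descending into scopes and condition branches."""
    for name, action in actions.items():
        yield name, action
        yield from walk(action.get("actions", {}))
        yield from walk(action.get("else", {}).get("actions", {}))

def secured(action):
    """Return which of 'inputs'/'outputs' are marked secure on this action."""
    cfg = action.get("runtimeConfiguration", {}).get("secureData", {})
    return set(cfg.get("properties", []))

def reads_secret(action):
    inputs = action.get("inputs")
    return isinstance(inputs, dict) and "/secrets/" in str(inputs.get("path", ""))

def audit(definition):
    """List (action, problem) pairs where the Settings > Security locks are missing."""
    actions = dict(walk(definition.get("actions", {})))
    readers = [n for n, a in actions.items() if reads_secret(a)]
    findings = [(n, "secure outputs not enabled") for n in readers
                if "outputs" not in secured(actions[n])]
    for name, action in actions.items():
        used = json.dumps(action.get("inputs", {}))
        if name not in readers and "inputs" not in secured(action) and any(
                f"body('{r}')" in used for r in readers):
            findings.append((name, "secure inputs not enabled"))
    return findings
```

Calling `audit(SAMPLE)` flags `Post_to_Discord`, because the constructed sample locks only the Get secret action.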
Because the Logic App may not get a response from Discord, you may want to do a manual terminate so runs do not appear failed.
Need to push to multiple locations? Use parallel branches!
As Logic App Consumption does not support private endpoints, you can set the connector outbound IPs of the Logic App as allowed IPs on the Key Vault. This isn't a true security control, but it is better than nothing.
Bear in mind you will need to add your own IP every time you want to make a change to the Key Vault. Remember to clear this down afterwards.
If you are using an HTTP trigger and invoking from another Logic App, this is also a good idea:
HTTP triggers are great for modularity and reuse, as you can define custom JSON.
See Damien Bird - Create variables in your Power Automate Flow or Canvas Power App