Managing Azure Resources using Telegram Bot using Python — Part 1

Azure Loves Telegram

Hello Readers,

This tutorial is designed to give you an overview of controlling your azure resources using 3rd party services such as telegram bot, In part-1 of this series, you will learn about Azure portal configuration required for Bot control while Part-2 will focus on building the Telegram Bot and will be explained by Nihir Shah.

Prerequisites :
Azure Account, assuming you already have one. If not please follow this link to get a free account for a period of 12 months.

Note:
Here we have targeted azure VM as the resource to be managed. Similar approach can then be used to manage other Azure Resources. Here our main objective is to show you how can this Integration be achieved.

Step 1- Creating Logic Apps for managing the resources.

Logic Apps are a safe, efficient and codeless way to manage various activities on Azure, you can learn more about this powerful piece of tech by following this link.

Deploying Logic App resource in Azure Portal

1. create the logic apps using the following steps :
   select Create a resource >> search for log app in search bar >> then click on create logic app
2. fill in the details, name and resource group as you can see in the Image on left.
3. click (Review+ Create)
4. If everything goes well, you will be prompted with create on next screen.
5. Your azure logic app will be deployed after step-4.

Once the logic app is deployed, the next step is to configure the endpoints which will later be used to control our VM programmatically.

Step 2 - Designing the logic app to manage Azure VM.

You can find the freshly deployed Logic app, in the list of logic apps. To find it follow these steps : Azure Home >> Search for Logic Apps >> Select Logic App you deployed (ManagingVM in this case) from the list.

Logic Apps Designer Screen.

When you select the ManagingVM Logic App, displayed from the list of Logic Apps, you will be Prompted with Logic Apps Designer screen as shown on the Left.

Click on Blank Logic App creation.

This Takes us to our Canvas where all the logic is scripted.

Designing Logic App (step 1– step2)

1.Search For Request in the search Bar, we must select Request as trigger.

2.Then, click on Request followed by When a HTTP Request is Received.

Configuring HTTP Trigger (step 3- step 6)

3. We will now Design our HTTP get URL, which will later be used for Telegram BOT.

4. Configure Method as Get

5. Add Relative Path variable /{action}.

6. You cannot see URL now, it will be created dynamically only when you click save button.

Condition configuration (step 7- step 9)

7. click on next step.

8. Search for Condition

9. Configure the condition with OR, Select action from the dynamic content, configure it as follows:
1. action is equal to start
2. action is equal to powerOff

Microsoft Azure Exposes REST APIs to manage the Resources. (You can read more in its official documentation). We must use these APIs to start and Stop the VM.
You might be wondering at this moment that if Azure already provides us with such APIs then why are we trying to create a custom API. there are two reasons for this.

1. Azure API requires you to have OAuth 2 token in order to complete the request, and in this case we are trying to achieve the workflow without it. that is users can access these endpoints in your custom application without having direct access to Azure Resources and Azure Identity.
2. Custom APIs will not have subscription ID and other sensitive information exposed.

To start and stop the VM we will use following REST APIs, for more VM related APIs you can follow this link

Start VM
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}/start?api-version=2019-12-01
Stop VM
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}/powerOff?api-version=2019-12-01

The above mentioned APIs need more configuration such as subscriptionID, resource Group Name and VM Name, you can find these details on VM overview section as seen below. Fill in these details and configure the APIs

Azure VM Subscription Details

once your APIs are ready, we can continue the Logic Design Steps as follows.

If-True configuration (steps 10–14)

10. Under If- True section, click Add an action then search for HTTP and select it.

11. Configure Method as POST,
URL as Defined in above section, with Subscription ID, Resource Group name and VM name. if you look closely at REST APIs it has all the same information except start and powerOff.

12. In the URL we configure {action} variable, created in step 5, This variable will be used to hold the values such as start or powerOff and we can then manage the resource accordingly.

13. Configuring the most crucial part now, i.e. Authentication. Click on Add new parameter located on the bottom of HTTP card and select Authentication.

14. Select
A. Authentication Type as Managed Identity
B. Managed Identity as System Managed Identity

Save your Logic app at this moment, we will configure System Identity now.

Step 15

15. Click on App Name on the top left corner, and you will be prompted with following screen shown below.

Configuring System Managed Identity (step 16- step 18)

16. Find the Identity from the blade.

17. Change the status to on and click save.

18. select yes when prompted to Enable the system managed Identity.

We are using system managed Identity because not just any one can trigger REST API to control the resources. It requires an OAuth token in the request.
Azure provides us this by using System Managed Identities that enable two resources to communicate with each other based on Identity.
To know more about System Managed Identities follow this link.

Designing the last part of Logic App i.e. to send response back to the client that made the call. Click on Logic App Designer seen in the same blade we selected Identity from.

Configuring Response for If-true(steps 19–20)

19. Under If-true where we have already added HTTP, click on Add an Action and search for response in actions.

20. Configure Headers as
Content-type - application/json and Body as
Body from Dynamic Menu which pops up when we click in space (This Body is Response returned from REST API in HTTP action).

Configuring Response for If-False (steps 21–22)

21. Configuration for If-false.

22. change the status code to 404, or as you like it to be.
curate the Body as per your requirement.

Voila! you have come very far, one last step and you will be there.

Step 3 - Configuring IAM for the resource you wish to control (Azure VM in this case).

Role configuration (steps 1–4)

1. Go to your resource VM, Select IAM.
2. Under IAM, Select Add + >> Add Role Assignment
3. Under role assignment
   A. Role - Contributor.
   B. Assign access to - Logic App
   C. Select — Logic App name we created in major steps 1 and 2.
4. Hit Save Button.

Congratulations!! With this, we have successfully configured the custom API for controlling your azure resources.
you can now access this API from Logic App Designer view as shown below.

URL to access the Endpoints.

Test your endpoint from Postman, curl, web or any tool you prefer, you can even use these endpoints in your websites, mobile apps, alexa skills, bots and anywhere you want to, make sure you keep the url safe.

Now you can proceed to the Part — 02 of the tutorial to make your telegram bot through This link