Application Insights Dashboard

I am not sure how may people have noticed, but if you use IaC to create your resources and this includes Application Insights then at some point a Dashboard will magically appear in your Azure resource group. If you create a standard App Insights instance in the portal, this dashboard is not created immediately, instead when a user selects the Dashboard link in app insights the dashboard is then created. Now you might be thinking so what, if the dashboard does not exists App Insights works normally and will be created on first access. Yes this is all true, now think you have a wonderful ARM template, or bicep, description of your resource group without the dashboard and as per best practice you have placed a delete lock on the resource group to stop the accidental removal of your wonderful production resources, what impact does this have as the dashboard will still be created on first use.

Lets think about this for a minute though, ARM is not just about creating resources, but if you use Complete mode, it is also about removing resources so after a template deployment your resource group looks exactly like the description in the ARM template or bicep file. Now on first run this is all fine, however when you deploy a second time think carefully. The first act of ARM is to update or create all the resources and then cycle through and delete all resources that are not in your ARM template. BUT we now have a ‘Delete’ lock on the resource group preventing the removal of any resources. Yes we could remove the delete lock before deployment, I would contend we would only do this if we are purposely removing a resource which we are not doing. Additionally the dashboard ahs a strange name, GUID, that is picked up from somewhere and is somehow tied to the App Insights instance.

So what is the answer, well it would be to create the dashboard in your ARM template and link this to your application insights instance in the same way that that Azure performs, this is not as obvious as it sounds. The trick is to realise that the dashboard name is based on the AppId of the application insights, this is an internal property and can be discovered through https://resources.azure.com. In an ARM template this property can be retrieved from a resource reference, however as you cannot use reference function outside of an Output or properties block you have to go the extra step and place your dashboard within a nested or linked template.

To see the full solution please visit my GitHub repo at Azure/ARM/Resource/AppServiceWithMSIAppInsights at main · drewkg/Azure (github.com)

Now to see how this can be achieved in Bicep and Terraform.