Connect with Application Insights in ‘not Local auth mode’ using OpenTelemetry
TOC
What is it
How to use it
References
What is it
Azure Web Apps or Azure Function Apps frequently communicate with Application Insights to log various levels of data, which can later be reviewed and filtered in the Log Analytics Workspace.
Taking Python as an example, the official documentation mentions that the OpenCensus package will no longer be supported after 2024-09-30.
The article suggests OpenTelemetry as the latest alternative. In response to the growing cybersecurity awareness among many companies, many users have disabled the ‘Local Authentication’ feature in Application Insights to enhance security.
Therefore, this article will focus on how Web Apps/Function Apps can use Managed Identity to communicate with Application Insights and utilize the latest OpenTelemetry package to avoid the predicament of unsupported packages.
How to use it
According to Microsoft Entra authentication for Application Insights – Azure Monitor | Microsoft Learn, sample code with “OpenCensus” will EOS after 2024-09-30 which means this method is deprecatedfrom now. (will show up in further code snippet with method 1)
Currently, Microsoft officially suggest user apply OpenTelemetry as the new method. (will show up in further code snippet with method 2).
Step 1:
Function App should use system/user assigned managed identity to issue credential for accessing AI (i.e., Application Insights), I choose system assigned managed identity in this sample.
In the “Role Assignment”, please add the “Monitoring Metrics Publisher” to the target AI resource, I add the parent RG (i.e., resource group) from that AI in this experiment.
Step 2:
In code level, I use Function App python V1 architecture from the python code, but I think V1 and V2 could achieve the same goal.
[requirements.txt]
# Method 2: opentelemetry
azure-monitor-opentelemetry
azure-identity
[<TriggerName>/__init__.py]
# Method 2: opentelemetry
from azure.monitor.opentelemetry import configure_azure_monitor
from logging import INFO, getLogger
from azure.identity import ManagedIdentityCredential
credential = ManagedIdentityCredential()
configure_azure_monitor(
connection_string=’InstrumentationKey=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX;IngestionEndpoint=https://XXXXXX-X.in.applicationinsights.azure.com/;LiveEndpoint=https://XXXXXX.livediagnostics.monitor.azure.com/;ApplicationId=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX’,
credential=credential
)
# Method 2: opentelemetry
logger2 = getLogger(__name__)
logger2.setLevel(INFO)
logger2.info(“Method 2: opentelemetry”)
logger2.handlers.clear()
The connection_string mentioned in the code can be obtained through the AI’s overview page.
Step 3:
After the deployment to the Function App, we could use online Code+Test from Azure portal
And the corresponding AI will got the log.
References:
azure-monitor-opentelemetry · PyPI
Microsoft Tech Community – Latest Blogs –Read More