Azure Functions + Logic Apps + Twitter + Telegram

I was a bit bored and decided to create this setup 🙂

My function code is hosted on github. You can use that to setup an Azure Function which can accept calls from a Telegram bot. You would need to create App Settings to represent you Telegram bot key and Logic Apps key (which you would obtain after creating the app).

After that you would create a Logic App in Azure with the following definition. You would need to adjust the xxx to proper values for your subscription.

Right now this bot works the following way:

You send anything to it (to the bot in telegram) it responds with an inline keyboard and then you press either “MrLlamaSC” or Placeholder. That sends a response to the Function App.

When you push the “MrLlamaSC” button it would send a response, that would get processed by the Azure Functions that would send a request to a Logic App that would send a request back to Azure Function which would send the tweet back to the Bot.

If you go through the code you would easily understand how the function works. I’ve decided against using the SDK just to illustrate that its possible to do with plain HTTP requests and a bit of Logic Apps magic. I will do a post on Logic Apps a bit down the road.


Bot Picture

Azure Disk Encryption + Linux VM = ??

Just a quick script to automate creating a linux VM and excrypting it. Requires you to be logged with proper rights (to create all the things and access KeyVault)


Creating a Key Encrypting Key (KEK)

Self Signed Certificate Creation

Explore Azure Disk Encryption with Azure Powershell

Explore Azure Disk Encryption with Azure PowerShell – Part 2

Azure Backup without Powershell aka REST API

Lets say you wanted to manage Azure Backup programmatically, but you are using Azure Cli, or Cli 2, or Python SDK, well, not Powershell, you only resort would be Azure Rest API (sigh). Well let’s use what we can.

Rest Api calls are documented, but pretty poorly.

Lets say you want to delete a VM from protection. Seems easy enough:

Well, only several slight nuances. WTH is fabricname? containername?  Notice how it doesn’t give any hint at ALL how to construct a proper query. Well, turns out you either have to guess, or get a list of protectable items (if you would want to get a single item you would be facing the same challenge).

Conveniently, a list of Protectable items ( has instructions how to query it (not obvious, but if you scroll down to filter you will find those). So after some struggle you come up with this:

I believe those IaasVMContainer;iaasvmcontainerv2; and ,code>VM;iaasvmcontainerv2; are constant if you are working with Azure VM’s that are added to Azure Backup. Which leads you to this:

You can use armclient (to test) to invoke those (or any other way you like, but arm client seems the most legitimate way for testing). After that it is pretty straight forward. Rough Python SDK code to do that:

Add autoscale to VMSS (Virtual Machine Scale Set)

Obviously, you can tweak the rules as you want.



Add vm extension to already deployed Virtual Machine Scale Set (VMSS)

Basically, I’m going to show 2 ways of doing that powershell and ARM.



Send message to Telegram Channel with Azure Function

Turns out its pretty easy and straight forward:

  1. Create a bot (
  2. Join it to a chat and get chat id
  3. Send messages 😉

First two are pretty straight forward, I’ve added the link to the Bot creation tutorial, to get the chat ID after you’ve added the bot do this:<YourBOTToken>/getUpdates and look for the chat object in the resulting JSON, it will have a node property, chatid is a negative number.

To work with Bot I’ve created the following Function using C# (you can use anything you want), this function will take http input and send it to Telegram chat, you can create any trigger you like:

My Config for Function:

You would also need to configure CORS, to allow for requests from your site\source and add projects.json (should be in your function directory, refer: to install dependency:

Create auto-shutdown policy for an Azure VM with Powershell

Recently Microsoft announced the ability to create auto-shutdown policies for ARM VM’s, but there’s no capacity to automate this, or is there?

Lets create a following hashtable in Powershell:

How to work with ARM Templates without going mad

ARM Templates are meant for automating deployments, for better understanding of the ARM concepts consult this document. I’m writing this under the assumption that you are interested in writing your own ARM templates and got lost at some point.

Obviously consult ARM syntax. And general ARM guidelines. But this shouldn’t be your case. But this document might help you, design patterns for Azure Resource Manager templates when deploying complex solutions.

Basics. Where do I start?

Well, if you are not interested in inventing the wheel again, I’d recommend starting by finding some relevant examples on the web.

There are 3 main sources of ARM Templates:

  1. Github ARM examples repository
  2. Search engine (thou, seldom this does work)
  3. Your own collection of templates (well…)

Once you’ve found something that looks like what you need (or almost looks like that) you can start working on it. If not, try other ways of making your life easier:

  1. “Automation Script” button on the Azure Portal
  2. Look through already deployed templates and export them
  3. Azure Explorer
  4. Azure Automation option

All of these are doing exactly the same, they are giving you a way to export existing resources you have in Azure into ARM Template. So obviously you should have those resources in Azure before you export them, but that is pretty easy to do.

But bear in mind, all of these ways are nowhere near perfect, they cannot export certain things\properties\parameters, so after you’ve exported a template, read through it (or try deploying) and figure out if something is missing from the template.

Working with Azure Explorer is pretty intuitive, so I won’t explain it. It could help you out if you are looking for some specific property that didn’t get exported with “Automation Script”, also looking at already deployed templates could work when “Automation Script” doesn’t.

Azure automation option can be used when you are creating resource in Azure using the portal, when you are about to deploy it, you can notice “Automation option” button near the deploy button.

Azure Automation Options

The thing with “Automation option” most of the time it uses a slightly different template to deploy stuff, which can help you.

How do I fix missing properties? ARM Schemas!

ARM Templates have a JSON schema, and that schema is well defined, I’ve linked the schema definitions repository. You can work your way through the schema to create a Template from scratch, but I doubt any sane person could handle all the humiliation they would have to go through to do that. Luckily, there are ways to ease the pain:

  1. Visual Studio code with Azure Resource Manager Tools and ARM Snippets
  2. Visual Studio with Azure SDK

Also some usefull hotkeys for VS Code: Alt+Shift+F – format the JSON template, so it looks pretty and easier to read, Ctrl+Shift+M – find errors and show them. If you select the language of the file as JSON, VS Code will offer intellisense when working with ARM Templates (if you’ve installed extensions). Pretty sure Visual Studio has the same capabilities, I haven’t really worked with it a lot.

What is convenient with Visual Studio it allows to navigate between resources in the template (similar to what you can do in the portal). This is pretty useful when you are working with a big template.

Template Documentation example 6

More information on both: VS Code and Visual Studio.

Sometimes, intellisense doesn’t help, and to fix that you could consult the schema. Say you want to know, what parameters are there for VM OSProfile, you go to the “schema master” and search for the entity you are interested in. Since we want a Virtual Machine property we will look for virtual machine schema under “resources” and there we will find reference schema (“”). You download that schema and look through it to find relevant information, this time its OSProfile (this is where Alt+Shift+F hotkey comes in handy, as those definitions are minimized, so not readable):

As you probably noticed, some of those are links to another objects in the schema, they could easily be located with a quicl Ctrl+F, unless they link to another schema file, in that case, look in that file.

This section above is left only for historical purposes, right now your best bet is to use new Azure Template documentation. It offers a more convenient way to achieve the same result you would with ARM Schemas and much faster.

Template Documentation example

As you can see, this is an example of a Key Vault resource Schema, but as you can see this example doesn’t offer a way to create a Key Vault secret, which basically makes this pretty useless. Why would you need a Key Vault without any entities stored in it? Why would you need to use Powershell or something else to create secrets? Well, it turns out you don’t need to do that, you can do that with an ARM Template, here’s an example:


Let’s take that one step further, We know that “anything” is possible using Azure REST API. But what if we want to create a secret that is disabled (not that there is a reason for that, but We are just using that as an example) or not usable after certain date. Looking at the REST Api reference for creating a Key Vault secret We can notice that there are properties to do that.

Template Documentation example 3

Well, lets try adding that to the template:

Template Documentation example 4

If you test it you will see something like this:

Template Documentation example 5

In other words, it worked. Well, that gives us an idea on how to extend ARM Templates despite the fact that neither ARM Schema, nor official ARM Templates documentation list those fields\properties as possible.

TLDR \\ Short Summary

I recommend using this “workflow” when working with ARM Templates:

  1. Look for existing examples on the web
  2. Export existing resources to create a base template (if you cant find an example, or if you are missing a lot of properties)
  3. Consult the schema and intellisense when working your way through the template, use appropriate free tools, don’t make your life harder
  4. Try deploying your template and see what the errors are and fix them, errors can be obtained in the portal or using powershell\cli (and probably all the sdk’s)


  1. Always check for known errors
  2. Enable debug mode
  3. Sometimes ARM engine will throw something like: “Error at line 1, column 2356”, easiest way to handle such an error – minify your JSON and look for character 2356 in the result.
  4. Use official MS guidance to troubleshoot ARM deployments


There exists an ArmWiz (and an old version) fancy thing which might help someone someday, I do not see much value in it, as it has got no intellisense, doesn’t create meaningful resources when you add them, but it can help you make sense of an existing big template. Reference.

I have to take my words back on this one, this is pretty useful if you are just starting to work with a big template that you didn’t put together. So it can be really useful.


I’ve heard several times that you cannot use reference to other resource in the template outside of the output section. This is false. You can do that, the only requirement is that the resource should be deployed after the resource it is referencing, which is quite logical.

Windows Jenkins container

In the jenkins folder you would want jenkins.war, jre and git (well, i figured jenkins is useless without git).
For COPY command to work you would have to invoke docker build from the directory containing jenkins directory.

To build I’m using:

Also, currently my windows docker containers are not getting proper dns resolution, so I had to work around that.

So to run that, I use:

So I’m aware there’s the ENV directive in the dockerfile, but it won’t work for me with windows containers, for some reason. Or you could specify full path to java executable in the CMD directive of the dockerfile and you would also have to specify full path to git inside Jenkins in that case. Also, there’s a hack to skip certificate verification. So probably not suitable for production use 😉