I have made a little solution to check the expiry date of certificates in a keyvault and send an email notification to a channel in Teams if any are due to expire in 7 days.
The solution does what I want it to, but I'm not happy about using my personal identity in the 'Create Job' step, where I call the runbook. It seems like anyone who has access to the Logic App could edit this step to call any runbook using my identity.
For clarity, here's a screenshot of the logic app steps (dont have enough rep to paste directly)
Screenshot of azure logic app steps
The runbook is associated with an automation account and uses this account when inspecting the keyvault (the account has least permissions to do its job). I am selecting this in the Automation Account field of the Create Job task. I don't understand why it was necessary to enter my own personal credentials at all.
Even worse is that now I have added my identity to the Create Job step, I can't seem to remove it - any time I add a new Create Job step in the logic app it is automatically associated with my user account. This is the first time I've used logic apps, so it might be that I'm worrying about nothing