...

  • Event subscriptions allow you to set up HTTP headers that are included in delivered events.

  • This capability allows you to set custom headers that are required by a destination.

  • You can set up to 10 headers when creating an event subscription.

  • Each header value shouldn't be greater than 4,096 (4K) bytes.

...

Access Control

  • Control access to events

  • Authorizing access to Event Grid resources

  • Azure Event Grid allows you to control the level of access given to different users to do various management operations such as list event subscriptions, create new ones, and generate keys.

    • Event Grid uses Azure role-based access control (Azure RBAC).

  • Event Grid doesn't support Azure RBAC for publishing events to Event Grid topics or domains.

    • Use a Shared Access Signature (SAS) key or token to authenticate clients that publish events.

  • If you're using an event handler that isn't a WebHook (such as an event hub or queue storage), you need write access to that resource.

  • This permissions check prevents an unauthorized user from sending events to your resource.

  • You must have the Microsoft.EventGrid/EventSubscriptions/Write permission on the resource that is the event source.

  • You need this permission because you're writing a new subscription at the scope of the resource.

  • The required resource differs based on whether you're subscribing to a system topic or a custom topic.

    • For system topics, you need permission to write a new event subscription at the scope of the resource publishing the event.

      • The format of the resource is: /subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}

    • For custom topics, you need permission to write a new event subscription at the scope of the event grid topic.

      • The format of the resource is: /subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.EventGrid/topics/{topic-name}

      • For example, to subscribe to a custom topic named mytopic, you need the Microsoft.EventGrid/EventSubscriptions/Write permission on: /subscriptions/####/resourceGroups/testrg/providers/Microsoft.EventGrid/topics/mytopic

...

Receive events by using webhooks

  • Receive events by using webhooks

  • Webhooks are one of the many ways to receive events from Azure Event Grid.

    • When a new event is ready, the Event Grid service POSTs an HTTP request to the configured endpoint with the event in the request body.

  • Event Grid requires you to prove ownership of your Webhook endpoint before it starts delivering events to that endpoint.

    • This requirement prevents a malicious user from flooding your endpoint with events.

  • When you use any of the three Azure services listed below, the Azure infrastructure automatically handles this validation:

    • Azure Logic Apps with Event Grid Connector

    • Azure Automation via webhook

    • Azure Functions with Event Grid Trigger


Endpoint validation with Event Grid events

  • If you're using any other type of endpoint, such as an HTTP trigger based Azure function, your endpoint code needs to participate in a validation handshake with Event Grid.

  • Event Grid supports two ways of validating the subscription.

    • Synchronous handshake: At the time of event subscription creation, Event Grid sends a subscription validation event to your endpoint.

      • The schema of this event is similar to any other Event Grid event.

      • The data portion of this event includes a validationCode property.

      • Your application verifies that the validation request is for an expected event subscription, and returns the validation code in the response synchronously.

      • This handshake mechanism is supported in all Event Grid versions.

    • Asynchronous handshake: In certain cases, you can't return the validationCode in the response synchronously.

      • For example, if you use a third-party service (like Zapier or IFTTT), you can't programmatically respond with the validation code.

  • Event Grid supports a manual validation handshake.

  • If you're creating an event subscription, Event Grid sends a validationUrl property in the data portion of the subscription validation event.

  • To complete the handshake, find that URL in the event data and do a GET request to it.

    • You can use either a REST client or your web browser.
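
The synchronous handshake described above, as an added example that is not part of the original notes or of any Microsoft sample. The `validationResponse` response field and the `Microsoft.EventGrid.SubscriptionValidationEvent` event type come from the Event Grid event schema rather than from this page; the `handle_delivery` function, the topic allow-list and the sample payload are constructed for illustration.

```python
import json

# Assumption: the only topic this endpoint subscribes to is the page's custom
# topic example ("####" is the page's placeholder for the subscription id).
TOPIC = ("/subscriptions/####/resourceGroups/testrg"
         "/providers/Microsoft.EventGrid/topics/mytopic")
EXPECTED_TOPICS = {TOPIC.lower()}
VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"

# Constructed sample of a subscription validation delivery (values made up).
SAMPLE_HANDSHAKE = json.dumps([{
    "id": "constructed-id-1",
    "topic": TOPIC,
    "subject": "",
    "eventType": VALIDATION_EVENT,
    "data": {"validationCode": "CONSTRUCTED-CODE-123",
             "validationUrl": "https://example.invalid/validate?code=x"},
}]).encode()


def handle_delivery(body: bytes):
    """Process one webhook POST; return (status, response, accepted_events)."""
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not JSON"}, []
    if not isinstance(events, list) or not all(isinstance(e, dict) for e in events):
        return 400, {"error": "expected a JSON array of events"}, []
    accepted = []
    for event in events:
        # Assumption: the handshake event carries "topic" like any other event.
        if str(event.get("topic", "")).lower() not in EXPECTED_TOPICS:
            # Never echo a validation code for a source we did not subscribe to.
            return 403, {"error": "unexpected topic"}, []
        if event.get("eventType") == VALIDATION_EVENT:
            data = event.get("data")
            code = data.get("validationCode") if isinstance(data, dict) else None
            if not isinstance(code, str) or not code:
                return 400, {"error": "missing validationCode"}, []
            # Synchronous handshake: return the code in the response body.
            return 200, {"validationResponse": code}, []
        accepted.append(event)
    return 200, {}, accepted


if __name__ == "__main__":
    print(handle_delivery(SAMPLE_HANDSHAKE))
```

Refusing to echo codes for unexpected topics is what keeps someone else's subscription from being validated against your endpoint.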

...

Filter events

  • Filter events

  • When creating an event subscription, you have three options for filtering:

    • Event types

      • By default, all event types for the event source are sent to the endpoint. You can decide to send only certain event types to your endpoint.

        "filter": {
          "includedEventTypes": [
            "Microsoft.Resources.ResourceWriteFailure",
            "Microsoft.Resources.ResourceWriteSuccess"
          ]
        }
    • Subject begins with or ends with

        "filter": {
          "subjectBeginsWith": "/blobServices/default/containers/mycontainer/log",
          "subjectEndsWith": ".jpg"
        }
    • Advanced fields and operators

      • To filter by values in the data fields and specify the comparison operator, use the advanced filtering option.

        "filter": {
          "advancedFilters": [
            {
              "operatorType": "NumberGreaterThanOrEquals",
              "key": "Data.Key1",
              "value": 5
            },
            {
              "operatorType": "StringContains",
              "key": "Subject",
              "values": ["container1", "container2"]
            }
          ]
        }

...

Comparison of services

...