Use Managed Identity for Event Grid Topics
Security · Event Grid · Rule · 2021_12
Use managed identities to deliver Event Grid Topic events.
Description
When delivering events to a handler, an Event Grid Topic can authenticate with a managed identity instead of a destination key or connection string. You can enable either a system-assigned identity or a user-assigned identity on a topic, but not both. You can have at most two user-assigned identities assigned to a topic or domain.
Recommendation
Configure a managed identity for each Event Grid Topic and use it for event delivery. A managed identity on the topic does nothing on its own: grant it the least-privilege data-plane role on each destination (for example a sender role on a Service Bus queue or Event Hub) and reference it from the event subscription. Note that the identity covers outbound delivery; disabling local authentication on the topic (disableLocalAuth) is what removes key-based publishing to it.
Examples
Configure with Azure template
To deploy Event Grid Topics that pass this rule:
- Set identity.type to SystemAssigned or UserAssigned.
- If identity.type is UserAssigned, reference the identity with identity.userAssignedIdentities.
For example:
Azure Template snippet
{
"type": "Microsoft.EventGrid/topics",
"apiVersion": "2021-06-01-preview",
"name": "[parameters('topicName')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"properties": {
"disableLocalAuth": true,
"publicNetworkAccess": "Disabled",
"inputSchema": "CloudEventSchemaV1_0"
}
}
Configure with Bicep
To deploy Event Grid Topics that pass this rule:
- Set identity.type to SystemAssigned or UserAssigned.
- If identity.type is UserAssigned, reference the identity with identity.userAssignedIdentities.
For example:
Azure Bicep snippet
resource eventGrid 'Microsoft.EventGrid/topics@2021-06-01-preview' = {
name: topicName
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
disableLocalAuth: true
publicNetworkAccess: 'Disabled'
inputSchema: 'CloudEventSchemaV1_0'
}
}
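The snippets above only put an identity on the topic. The following Bicep template is an added example, not part of the PSRule page or the Azure documentation it links to, that carries the configuration through to the point where delivery actually uses the identity: a user-assigned identity (showing the identity.userAssignedIdentities form the steps describe), a Service Bus queue as the destination with its own local authentication disabled, a role assignment granting only the built-in Azure Service Bus Data Sender role scoped to that queue, and an event subscription whose deliveryWithResourceIdentity references the identity. The resource names, parameter defaults and the subscription name are hypothetical.

```bicep
// Added example (not from the PSRule page): topic with a user-assigned identity,
// a Service Bus queue destination, least-privilege role assignment, and an event
// subscription that delivers with that identity. Names below are hypothetical.
param location string = resourceGroup().location
param topicName string = 'egt-orders'
param identityName string = 'id-egt-orders'
param serviceBusNamespaceName string = 'sb-orders-${uniqueString(resourceGroup().id)}'
param queueName string = 'order-events'

// Built-in role 'Azure Service Bus Data Sender': send-only, nothing more is needed for delivery.
var serviceBusDataSenderRoleId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39')

resource uami 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: identityName
  location: location
}

resource sbNamespace 'Microsoft.ServiceBus/namespaces@2021-11-01' = {
  name: serviceBusNamespaceName
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    // SAS keys off on the destination as well, so only identities can send to it.
    disableLocalAuth: true
  }
}

resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-11-01' = {
  parent: sbNamespace
  name: queueName
}

resource topic 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: topicName
  location: location
  identity: {
    type: 'UserAssigned'
    // identity.userAssignedIdentities is keyed by the identity's resource ID.
    userAssignedIdentities: {
      '${uami.id}': {}
    }
  }
  properties: {
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

// Grant send rights on this queue only (scope = queue, not the namespace).
resource senderRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(queue.id, uami.id, serviceBusDataSenderRoleId)
  scope: queue
  properties: {
    roleDefinitionId: serviceBusDataSenderRoleId
    principalId: uami.properties.principalId
    principalType: 'ServicePrincipal'
  }
}

// The subscription has to name the identity; an identity on the topic alone
// does not change how events are delivered.
resource subscription 'Microsoft.EventGrid/eventSubscriptions@2022-06-15' = {
  name: 'to-service-bus'
  scope: topic
  properties: {
    deliveryWithResourceIdentity: {
      identity: {
        type: 'UserAssigned'
        userAssignedIdentity: uami.id
      }
      destination: {
        endpointType: 'ServiceBusQueue'
        properties: {
          resourceId: queue.id
        }
      }
    }
    eventDeliverySchema: 'CloudEventSchemaV1_0'
  }
  dependsOn: [
    senderRole
  ]
}
```

For a system-assigned identity the same pattern applies with identity.type set to SystemAssigned on the topic, deliveryWithResourceIdentity.identity.type set to SystemAssigned with no userAssignedIdentity, and topic.identity.principalId as the role assignment's principalId. The explicit dependsOn on the role assignment matters: role assignments are eventually consistent, and a subscription created before the assignment exists will fail its first deliveries.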
Links
- Use identity-based authentication
- Assign a managed identity to an Event Grid custom topic or domain
- Authenticate event delivery to event handlers
- Azure deployment reference
Last update:
2023-09-10