Use Event Grid Private Endpoints

Security · Event Grid · Rule · 2021_12 · Important

Use Private Endpoints to access Event Grid topics and domains.

Description

By default, public network access is enabled for an Event Grid topic or domain. To allow access via private endpoints only, disable public network access.

Recommendation

Consider using Private Endpoints to access Event Grid topics and domains. To limit access to Event Grid topics and domains, disable public access.

Examples

Configure with Azure template

To deploy Event Grid Topics that pass this rule:

• Set the properties.publicNetworkAccess property to Disabled.

For example:

Azure Template snippet

{
  "type": "Microsoft.EventGrid/topics",
  "apiVersion": "2022-06-15",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "disableLocalAuth": true,
    "publicNetworkAccess": "Disabled",
    "inputSchema": "CloudEventSchemaV1_0"
  }
}

Configure with Bicep

To deploy Event Grid Topics that pass this rule:

• Set the properties.publicNetworkAccess property to Disabled.

For example:

Azure Bicep snippet

resource eventGrid 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: name
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

Configure with Azure Verified Modules

A pre-built module is avilable on the Azure Bicep public registry. To reference the module, please use the following syntax: br/public:avm/res/event-grid/topic:<version>

Links

• SE:06 Network controls
• Private Endpoints
• Azure deployment reference

Comments