Use Event Grid Private Endpoints

Security · Event Grid · 2021_12

Use Private Endpoints to access Event Grid topics and domains.

Description

By default, public network access is enabled for an Event Grid topic or domain. To allow access via private endpoints only, disable public network access.

Recommendation

Consider using Private Endpoints to access Event Grid topics and domains. To limit access to Event Grid topics and domains, disable public access.

Examples

Configure with Azure template

To deploy Event Grid Topics that pass this rule:

• Set the properties.publicNetworkAccess property to Disabled.

For example:

Azure Template snippet

{
    "type": "Microsoft.EventGrid/topics",
    "apiVersion": "2021-06-01-preview",
    "name": "[parameters('topicName')]",
    "location": "[parameters('location')]",
    "identity": {
        "type": "SystemAssigned"
    },
    "properties": {
        "disableLocalAuth": true,
        "publicNetworkAccess": "Disabled",
        "inputSchema": "CloudEventSchemaV1_0"
    }
}

Configure with Bicep

To deploy Event Grid Topics that pass this rule:

• Set the properties.publicNetworkAccess property to Disabled.

For example:

Azure Bicep snippet

resource eventGrid 'Microsoft.EventGrid/topics@2021-06-01-preview' = {
  name: topicName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

Links

• Traffic flow security in Azure
• Private Endpoints
• Azure deployment reference

---

Last update: 2022-12-03

Comments