Use Event Grid Private Endpoints

Security · Event Grid · Azure.EventGrid.TopicPublicAccess

Use Private Endpoints to access Event Grid topics and domains.

Description

By default, public network access is enabled for an Event Grid topic or domain. To allow access via private endpoints only, disable public network access.

Recommendation

Consider using Private Endpoints to access Event Grid topics and domains. To limit access to Event Grid topics and domains, disable public access.

Examples

Configure with Azure template

To deploy Event Grid Topics that pass this rule:

  • Set the properties.publicNetworkAccess property to Disabled.

For example:

{
    "type": "Microsoft.EventGrid/topics",
    "apiVersion": "2021-06-01-preview",
    "name": "[parameters('topicName')]",
    "location": "[parameters('location')]",
    "identity": {
        "type": "SystemAssigned"
    },
    "properties": {
        "disableLocalAuth": true,
        "publicNetworkAccess": "Disabled",
        "inputSchema": "CloudEventSchemaV1_0"
    }
}
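
The check this rule describes can also be run directly against a template's JSON. The following Python is an added example, not code from this page or from the rule's own implementation. It assumes the template uses the array form of resources, and the function names and sample template are constructed for illustration.

```python
import json

# Resource types covered by the rule on this page (topics and domains).
EVENT_GRID_TYPES = {"microsoft.eventgrid/topics", "microsoft.eventgrid/domains"}


def iter_resources(resources):
    """Yield every resource, including children nested under 'resources'."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))


def find_public_event_grid(template):
    """Return (name, observed value) for each topic/domain allowing public access.

    A missing publicNetworkAccess property is reported too, because public
    network access is enabled by default. A template expression such as
    "[parameters('x')]" is also reported, since it is not the literal Disabled.
    """
    findings = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() not in EVENT_GRID_TYPES:
            continue
        value = (res.get("properties") or {}).get("publicNetworkAccess")
        if not isinstance(value, str) or value.lower() != "disabled":
            findings.append((res.get("name"), "<not set>" if value is None else value))
    return findings


# Constructed sample template: one compliant topic, one topic relying on the
# default, and one domain with public access explicitly enabled.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.EventGrid/topics", "name": "topic-private",
     "properties": {"publicNetworkAccess": "Disabled"}},
    {"type": "Microsoft.EventGrid/topics", "name": "topic-default",
     "properties": {"inputSchema": "CloudEventSchemaV1_0"}},
    {"type": "Microsoft.EventGrid/domains", "name": "domain-public",
     "properties": {"publicNetworkAccess": "Enabled"}}
  ]
}
""")

if __name__ == "__main__":
    for name, value in find_public_event_grid(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: publicNetworkAccess={value}")
```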

Configure with Bicep

To deploy Event Grid Topics that pass this rule:

  • Set the properties.publicNetworkAccess property to Disabled.

For example:

resource eventGrid 'Microsoft.EventGrid/topics@2021-06-01-preview' = {
  name: topicName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

Last update: 2022-01-22