Azure subscription is at the core of the majority of cloud offerings in Azure. It gives you great audit logs and configurable Role-based Access Control (RBAC). You can grab the logs using a ‘pull’ approach. But how about a ‘push’ approach? Is it possible? With Azure Event Grid, it is! Read on, and I will show you how to do it in less than 30 minutes.
Let’s start with the basics!
What is Azure Event Grid?
Azure Event Grid is a cloud-based routing service that offers a pub-sub model. The main concepts of this service are topics and subscriptions, like in most messaging systems.
The service allows you to ingest events from Azure messaging services (Service Bus, IoT Hub, Event Hub), Resource/Subscription events and Custom events. You can trigger custom events from your system using HTTP calls, which are described here.
Azure Event Grid is meant for processing events and not messages (you can check the messaging services comparison here). In this article, I’ll cover the topic of Azure Subscription that integrates with Azure Function-based WebHook.
Sample application architecture
For the purpose of this article, I created a simple Azure Function that saves events received through the Event Grid in Azure Table Storage using function bindings. You can find out more about Azure Functions in my other article. Then, I load the data and display it as a Power BI report.
You can browse the source code of this solution on GitHub.
To start, we need to create infrastructure in the resource group. To speed things up, I created an ARM template for you.
Adding a new subscription
After infrastructure and source code deployment, we need to create a new subscription that collects the Azure Subscription events and forwards them to the specified Azure Function URL. We can do it in multiple ways, i.e. through the Portal or Azure Resource Manager.
To set up a subscription using the Azure Portal, open it and find Event Grid Subscriptions using the search box to create a new subscription.
Enter the new subscription name and URL of the Azure Function from the previous step responsible for event processing.
After filling out the required configuration fields, you should see your new subscription.
Azure Resource Manager
You can also do this in a more automated way by deploying an Azure Resource Manager (ARM) template. You can check my template here. The only difference is that we need to deploy this at subscription level and not at a resource group level.
To do that with PowerShell, run the New-AzDeployment command instead of New-AzResourceGroupDeployment.
The function I created parses all input events and saves them as new rows in Azure Table Storage. As you may have noticed, one event is processed in a different way – Microsoft.EventGrid.SubscriptionValidationEvent. This is an HTTP call from Event Grid that validates ownership of the provided WebHook url. In our case it validates the access to Azure Function.
Event stream visualization
All data saved in Azure Table Storage is visualized as a Power BI report. This can help you find insights about a failed deployment and other operations invoked at the subscription and deeper levels.
Azure Event Grid is a relatively new offering that can help you integrate events from various sources, starting with Azure services and ending with your systems in nearly real-time. This service is quite inexpensive: it only charges you 0.60 USD per million operations, and the first million are free.