For my scenario I created the Azure Event Grid Topic in my subscription but I’d like clients outside of my Azure subscription to be able to subscribe to the Topic.
The way to do that is to use a service principal. This creates an App in Azure Active Directory that you can then grant access to your entire subscription, a resource group or any individual resource. In this case I only want to grant subscribers the access they need to my Event Grid Topic, so the role assignment is scoped to the Topic itself rather than to the whole subscription or resource group.
Read and follow this excellent step-by-step how-to for creating a service principal, including checking permissions and assigning the AAD app to the resource:
This breaks down into:
Create the AAD application.
Take note of:
- Application ID. This will also be referred to as the Client ID. It can be found again in the AAD app afterwards.
- Key. This will also be referred to as the Client Secret. It is only shown once, when you save it; if you don’t make a note you’ll need to create a new key (easy, but just be aware). Treat it like a password: keep it in a secret store or configuration setting rather than in source code.
- Tenant ID. This will also be referred to as the Directory ID. It can be found again in the AAD app afterwards.
Assign the AAD application to a role.
It’s quite straightforward and doesn’t take long. Having done this you can then access the Topic from another Azure subscription.
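As an added example (not code from the original post), the script below shows what a subscriber outside the Topic's subscription actually does with the three values noted above: it exchanges the Client ID, Client Secret and Tenant ID for a bearer token using the OAuth2 client-credentials grant, then calls the Azure Resource Manager REST API to list the event subscriptions on the Topic. The same resource ID string it builds is the scope to use when assigning the role, so the service principal gets access to the Topic only. The subscription ID, resource group, Topic name, environment-variable names and the Event Grid API version are assumptions for illustration; the token endpoint and ARM route are Azure's documented ones.

```python
"""Use an AAD service principal to list event subscriptions on an Event Grid
Topic that lives in another Azure subscription.

Added example, not from the original post. Names, IDs and environment-variable
names below are hypothetical; replace them with your own values.
"""
import json
import os
import urllib.parse
import urllib.request

ARM = "https://management.azure.com"
EVENTGRID_API_VERSION = "2022-06-15"  # assumption: a GA Event Grid API version


def topic_resource_id(subscription_id, resource_group, topic_name):
    """ARM resource ID of the Topic.

    Use this exact string as the scope when assigning the role to the
    service principal, so it can reach the Topic but nothing else in the
    subscription or resource group (least privilege)."""
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.EventGrid/topics/{topic_name}")


def build_token_request(tenant_id, client_id, client_secret):
    """Client-credentials grant against the v2.0 token endpoint of the tenant
    (Directory ID) that owns the app registration.

    Returns (url, form-encoded body bytes). The scope asks for a token usable
    against Azure Resource Manager."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM + "/.default",
    }).encode()
    return url, body


def parse_token_response(raw_json):
    """Extract the access token, or raise with AAD's error text (for example a
    wrong secret or an app that has no role on the resource yet)."""
    data = json.loads(raw_json)
    if "access_token" not in data:
        raise RuntimeError(
            f"token request failed: {data.get('error')}: "
            f"{data.get('error_description')}")
    return data["access_token"]


def event_subscriptions_url(resource_id):
    """ARM route that lists the event subscriptions attached to a resource."""
    return (f"{ARM}{resource_id}/providers/Microsoft.EventGrid/eventSubscriptions"
            f"?api-version={EVENTGRID_API_VERSION}")


def http(url, body=None, token=None):
    """Minimal HTTP helper; returns the response body as text."""
    req = urllib.request.Request(url, data=body)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def main():
    # Secrets come from the environment, never from source code.
    # Variable names are an assumption for this example.
    tenant_id = os.environ["AZURE_TENANT_ID"]       # Directory ID
    client_id = os.environ["AZURE_CLIENT_ID"]       # Application ID
    client_secret = os.environ["AZURE_CLIENT_SECRET"]  # Key

    # Hypothetical Topic in the other subscription.
    resource_id = topic_resource_id(
        "00000000-0000-0000-0000-000000000000", "eventgrid-rg", "demo-topic")

    url, body = build_token_request(tenant_id, client_id, client_secret)
    token = parse_token_response(http(url, body=body))
    listing = json.loads(http(event_subscriptions_url(resource_id), token=token))
    for sub in listing.get("value", []):
        print(sub["name"], sub["properties"].get("provisioningState"))


if __name__ == "__main__":
    main()
```

If the role assignment was scoped to the subscription instead of the Topic, this token would work just the same, which is exactly why checking the scope in the role assignment (the resource ID built by `topic_resource_id`) matters more than the fact that a token was issued at all.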
For the Logic App in part 2, for example, the initial Azure Event Grid trigger can then use the Connect with Service Principal option:
Enter the Service Principal connection details that you made a note of above:
And then you can select the Resource Type (Microsoft.EventGrid.Topics) and you will see the relevant Topic from another subscription:
Cheers,
Giles
- Building an Azure Event Grid app. Part 2: Adding a Logic App subscriber to the Event Grid Topic.
- Building an Azure Event Grid app. Part 3: Turning the publisher app into a Docker image.
- Building an Azure Event Grid app. Part 4: Adding a Service Principal to the Event Grid Topic.
- Building an Azure Event Grid app. Part 5: Add a sprinkling of DevOps with a dash of VSTS.