Azure Event Grid is a new Platform service in Azure for managing events in a uniform centralized manner. In previous posts I have discussed some of the capabilities of this service including routing custom events, handle specific Azure Storage events and events in general. In this post, I like to continue with another Event Grid use case. The service will play a role in simplifying policy enforcement in Ops Automation in particular providing governance in a resource group.
Governance in an Azure Resource Group using Event Grid
Suppose you have several resource groups. And each have to be in one region only because of data restrictions i.e. you do want to have data sitting in a data center outside of the designated region. And any Azure service in the resource group has to be in the same region. If not than the service will be deleted by a workflow application i.e. Logic App.
The following scenario a Service Bus namespace (service) provisioned in a different region than Central West US will be detected by a Logic App that subscribes to events with subject /subscriptions/0bf166ac-9aa8-4597-bb2a-a845afe01415/resourcegroups/RG_MyResourceGroup/deployments/.
In case the deployment of a service is outside of West Central US, the service in our scenario the Service Bus namespace will be deleted. See the diagram below.
Logic App reacting to a deployment in the Resource Group
A Logic App will enforce the policy of not having a resource i.e. service outside the designated region. Once the event is captured the Logic App be triggered by an event as depicted below.
The filter in Event Grid Action Trigger is specified to be triggered by events with a particular subject specified in the prefix filter. And the subsequent actions will verify if the operation is a deployment:
@equals(triggerBody()?[‘data’][‘operationName’], ‘Microsoft.Resources/deployments/write’)
Next a list resource is request, followed by a loop to find out if any is deployed in different region. We will use the Azure Resource Manager action list resources by resource group (preview). And one in our scenario is not in westcentralus!
This lead to a flag being raised i.e. variable set to 1. Subsequently, a condition checks if variable is 1 and have actions to deleted the resource. This is the Azure Resource Manager action deleted a resource. Note that both Azure Resource Manager actions are still in preview in Logic Apps.
Once a Service Bus namespace is created with a different region the Logic App will react once the provisioning is done. The result is an email (notification) and deletion of the resource.
The deletion of the resource succeeds, however the Logic App action with deletion of the resources fails i.e. 404 resource not found. However, this does make sense if the resource is actually gone.
Summary
Event Grid has a lot to offer and it is still in preview. Wait until its fully matured and supports a wide set event publishers and subscribers. Moreover, this service fill the gaps with regards to event management in the serverless spectrum of Microsoft Azure. Stay tuned for more content for Event Grid in the near future!
Explore more on Azure Functions and Azure Event Grid
