Use Managed Identity for Event Grid Topics
March 21, 2025
SYNOPSIS
Use managed identities to deliver Event Grid Topic events.
DESCRIPTION
When delivering events, an Event Grid Topic can use a managed identity to authenticate to the delivery destination (for example a Service Bus queue, an Event Hub or a Storage queue) instead of a stored connection string or SAS key. You can enable either a system-assigned identity or a user-assigned identity, but not both. You can have at most two user-assigned identities assigned to a topic or domain. Enabling the identity on the topic is only the first step: each event subscription must be configured to deliver with that identity, and the identity must be granted the data-plane role the destination requires.
RECOMMENDATION
Consider configuring a managed identity for each Event Grid Topic.
EXAMPLES
Configure with Azure template
To deploy Event Grid Topics that pass this rule:
- Set identity.type to SystemAssigned or UserAssigned.
- If identity.type is UserAssigned, reference the identity with identity.userAssignedIdentities.
For example:
{
  "type": "Microsoft.EventGrid/topics",
  "apiVersion": "2022-06-15",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "disableLocalAuth": true,
    "publicNetworkAccess": "Disabled",
    "inputSchema": "CloudEventSchemaV1_0"
  }
}
Configure with Bicep
To deploy Event Grid Topics that pass this rule:
- Set identity.type to SystemAssigned or UserAssigned.
- If identity.type is UserAssigned, reference the identity with identity.userAssignedIdentities.
For example:
// Parameters declared here so the snippet deploys on its own.
param name string
param location string = resourceGroup().location

resource eventGrid 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: name
  location: location
  // A managed identity lets event delivery authenticate to the destination
  // without a stored key or connection string.
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    // Disable SAS-key auth and public access on the topic itself as well.
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}
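Both templates above enable a system-assigned identity and stop there. The Bicep below is an added example (not from this page or the PSRule project) that walks the user-assigned path end-to-end: the identity resource, the topic referencing it through identity.userAssignedIdentities, an event subscription that actually delivers with that identity, and the least-privilege role the identity needs on the destination. The parameter names, the Service Bus namespace and queue, and the subscription name are assumptions made for illustration.

```bicep
// Added example, not the page's own code. Names and parameters are assumed.
param name string
param location string = resourceGroup().location
param serviceBusNamespaceName string = '${name}-sbns'

// Identity Event Grid will use when it pushes events to the destination.
resource deliveryIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: '${name}-delivery'
  location: location
}

resource eventGrid 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: name
  location: location
  identity: {
    type: 'UserAssigned'
    // identity.userAssignedIdentities is a map keyed by the identity resource ID.
    userAssignedIdentities: {
      '${deliveryIdentity.id}': {}
    }
  }
  properties: {
    disableLocalAuth: true
    publicNetworkAccess: 'Disabled'
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

// Destination (assumed): a Service Bus queue that only accepts Entra ID auth,
// so there is no SAS key anywhere in the delivery path.
resource sbNamespace 'Microsoft.ServiceBus/namespaces@2021-11-01' = {
  name: serviceBusNamespaceName
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    disableLocalAuth: true
  }
}

resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-11-01' = {
  parent: sbNamespace
  name: 'events'
}

// Least privilege: the delivery identity only needs to send, and only to this queue.
// 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39 is the built-in "Azure Service Bus Data Sender" role.
resource sendRole 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(queue.id, deliveryIdentity.id, '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39')
  scope: queue
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39')
    principalId: deliveryIdentity.properties.principalId
    principalType: 'ServicePrincipal'
  }
}

// The identity on the topic is only used if the subscription opts in with
// deliveryWithResourceIdentity. A subscription that uses the plain
// "destination" property instead never touches the managed identity.
resource egSub 'Microsoft.EventGrid/topics/eventSubscriptions@2022-06-15' = {
  parent: eventGrid
  name: 'to-service-bus'
  properties: {
    deliveryWithResourceIdentity: {
      identity: {
        type: 'UserAssigned'
        userAssignedIdentity: deliveryIdentity.id
      }
      destination: {
        endpointType: 'ServiceBusQueue'
        properties: {
          resourceId: queue.id
        }
      }
    }
    eventDeliverySchema: 'CloudEventSchemaV1_0'
  }
  // Make sure the role assignment exists before Event Grid creates the
  // subscription and starts attempting delivery with the identity.
  dependsOn: [
    sendRole
  ]
}
```

The role is scoped to the single queue rather than the namespace, and the identity is given a sender role only, so a compromise of the topic's identity cannot read or manage anything else in the namespace. Swapping `type: 'UserAssigned'` for `'SystemAssigned'` in both the topic and the subscription (and `eventGrid.identity.principalId` in the role assignment) gives the system-assigned variant of the same design.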