Overview
Azure Event Grid is an eventing service that subscribes to certain event sources and then calls handlers to perform a task, or tasks, based on the event that occurred. Azure Event Grid documentation is provided here. Azure Functions is an event-driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure or third-party services as well as on-premises systems.
With Azure Event Grid and Azure Functions working together, Event Grid is configured to handle a specific event, and if that event occurs, can call an Azure Function to perform specific tasks.
We’ll be taking a look at doing the following:
- If a Virtual Machine is created, Event Grid will trigger a Serverless Azure Function written in PowerShell which will then modify the Virtual Machine.
- If a Storage Account is created, Event Grid will trigger a Serverless Azure Function written in PowerShell which will then modify the Storage Account. In this example, I will provide additional code where if the Storage Account is created without the setting requiring HTTPS Encryption Only (EnableHttpsTrafficOnly flag set to $true), the Function will automatically configure the Storage Account to require HTTPS.
Note
In cases where your organization’s compliance requirements demand that EnableHttpsTrafficOnly is always set to $true and it is unacceptable to even allow Storage Account creation where EnableHttpsTrafficOnly is set to $false, it is better to leverage Azure Policy to deny Storage Account creation when the EnableHttpsTrafficOnly flag is set to $false.
These are just two examples. You can configure an endless number of scenarios in which a resource is provisioned and there is a requirement to customize the deployment. In these cases, you can leverage Azure Event Grid with Azure Functions to satisfy the requirement.
The question may arise, why not use Azure Policy? Azure Policy may be beneficial for certain things such as Appending information or Denying to enforce your compliance settings. There may be times where you can’t Append, or you may not want to Deny but still want the settings changed at the time of Resource Creation. With this model of leveraging Azure Event Grid and Azure Functions, the configuration change is not immediate: it will take several minutes for Azure Event Grid to call the Azure Function, the Azure Function to start, and the change to be made and optionally logged.
Note
This blog article will be leveraging the new Azure Functions Preview Interface which is a newly released preview capability at the time of this writing.
This is a two-part series.
Part 1 (Current)
- Creating our Azure Function
- Creating our Azure Event Grid Subscription
- Linking the Azure Function to Event Grid Subscription
- Verifying Azure Event Grid Subscription is successfully linked to our Azure Function
- Viewing Event Grid Data in our Azure Function leveraging Application Insights
- Modify our output into Application Insights to use JSON to get better insight into how to create Event Grid Subscription Filters
- Writing your PowerShell Function to Differentiate Between Resource Types obtained from the Event Grid Subscription
- Executing Actual Code and Logging for a new Storage Account to modify HTTPS Encryption Required Setting from Not Required to Required
- Create a Managed Identity for the Function with Storage Account Contributor
- Creating a Storage Account that is configured to not require HTTPS Encryption, having the Function change it to require HTTPS Encryption, and verifying Application Insights logging as well as the Resource modification.
Creating our Azure Function App
Let’s take a look at how we create our Azure Function App using PowerShell and link it to Event Grid. A Function App can be looked at as a hosting unit for Azure Functions to live in.
Go to All Services > Search for function > Click on Function App.
Click Add.
Select the following:
- Subscription you want the Azure Function to live in
- Resource Group you want to store your Azure Function In
- Function App name
- Runtime stack – we’ll be leveraging PowerShell Core
- Region you want your Azure Function to operate in.
Click the Hosting Tab. We’ll be leaving the defaults here to create a new Storage Account, to leverage Windows for hosting the Function (requirement with Azure Functions running PowerShell), and Plan type of Consumption.
Click the Monitoring Tab. We’ll leave Application Insights as Yes. Application Insights provides Monitoring (including real-time) as well as logging capabilities for our Azure Function.
Click Review + Create and then click Create.
Once resources are created, in the Resource Group, you’ll see several resources created.
Base Function Configuration
Now that we have our Function created, we want to configure it to leverage Event Grid for its source of data. Go to All Services > Function App. Click Function App. Then click on your new Function.
Notice the new banner at the top offering a Preview of the new Azure Functions management experience? Let’s go ahead and click on that and leverage the new Azure Functions experience.
Now that we’re in the new interface, scroll down to Functions. We currently see there are no Functions within our Function App. Click + Add.
Search for Event Grid and click Azure Event Grid trigger.
Then give the new Event Grid Trigger a name. The default, EventGridTrigger1, will suffice. Click Create Function.
Event Grid Subscription Hook into Azure Function
In our Function App, under Functions, we now see our new Function created. Let’s click on the EventGridTrigger1 Function.
In our EventGridTrigger1 Function, click on Integration. We can see our Trigger is Event Grid Trigger (eventGridEvent). Let’s click on the Trigger.
Now we want to create our Event Grid Subscription from within our Function. This lets you create the Azure Event Grid Subscription and have it automatically hooked into your Azure Function. That way, our new Azure Function becomes the Event Grid’s Event Handler for the Event Grid Subscription.
Specify a name for the Event Grid Subscription and ensure Event Types are filtered to only Resource Write Success. Later on, we’ll create Filters to filter Event Grid to only trigger on Virtual Machine and Storage Account Resource Creations. But first, I want to show you how you can figure out what the filters need to look like. And that requires our Azure Function to be created and integrated with our Event Grid Subscription.
Click Create
Now verify you have an Event Trigger parameter name for the eventGridEvent. This Parameter name is what is used in the Azure Function Code to leverage details that come from Event Grid.
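The following run.ps1 is an added example, not the author's Part 2 code: it shows how the eventGridEvent parameter carries the event into the function and how the Storage Account case from the overview could be handled. It assumes the Az.Accounts and Az.Storage modules are loaded, the Function App's managed identity is already signed in with rights on the Storage Account, and the event follows the documented Microsoft.Resources.ResourceWriteSuccess schema; the helper name Get-StorageAccountTarget is hypothetical.

```powershell
# run.ps1 for the EventGridTrigger1 function (added example, not the author's code).
# The first parameter name must match the trigger's "Event Trigger parameter name".
param($eventGridEvent, $TriggerMetadata)

# Hypothetical helper: split an ARM resource ID into the parts needed below.
# Returns $null for anything that is not a top-level storage account
# (for example a blob service or container beneath one).
function Get-StorageAccountTarget {
    param([string]$ResourceId)
    $pattern = '^/subscriptions/(?<sub>[^/]+)/resourceGroups/(?<rg>[^/]+)' +
               '/providers/Microsoft\.Storage/storageAccounts/(?<name>[^/]+)$'
    if ($ResourceId -match $pattern) {
        return @{ SubscriptionId = $Matches.sub; ResourceGroup = $Matches.rg; Name = $Matches.name }
    }
    return $null
}

# Only react to successful storage account writes; every other resource type is ignored.
if ($eventGridEvent.eventType -ne 'Microsoft.Resources.ResourceWriteSuccess' -or
    $eventGridEvent.data.operationName -ne 'Microsoft.Storage/storageAccounts/write') {
    Write-Host "Ignoring $($eventGridEvent.eventType) for $($eventGridEvent.subject)"
    return
}

$target = Get-StorageAccountTarget -ResourceId $eventGridEvent.data.resourceUri
if (-not $target) {
    Write-Warning "Unexpected resource ID: $($eventGridEvent.data.resourceUri)"
    return
}

# Read the current state first: the function's own Set-AzStorageAccount call raises
# another ResourceWriteSuccess event, and this check stops that from looping.
Set-AzContext -Subscription $target.SubscriptionId | Out-Null
$account = Get-AzStorageAccount -ResourceGroupName $target.ResourceGroup -Name $target.Name
if ($account.EnableHttpsTrafficOnly) {
    Write-Host "$($target.Name) already requires HTTPS; nothing to do."
    return
}

Set-AzStorageAccount -ResourceGroupName $target.ResourceGroup -Name $target.Name `
    -EnableHttpsTrafficOnly $true | Out-Null
Write-Host "Set EnableHttpsTrafficOnly to true on $($target.Name)"
```

The Write-Host and Write-Warning lines end up in the Application Insights traces for the Function App, which gives a record of every account the function changed.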
Verifying Azure Event Grid and Azure Function are Linked
Let’s take a look first at our Azure Function. Go into the Function > Click Integration > Verify Event Grid Trigger (eventGridEvent) is selected.
Now we’ll take a look at Event Grid to see if our Subscription is indeed leveraging our new Azure Function.
Go to All services > Search for Subscriptions > Click on Subscriptions
In Subscriptions, click on the subscription you want to configure for Event Grid, click Events.
We see our Event Grid Subscription with the Event Type of Microsoft.Resources.ResourceWriteSuccess. We also see the Endpoint is Azure Function. Looking good…
At the bottom of the Event Grid Subscription, we can see our hook is into the EventGridTrigger1 Function.
In Part 2, we take a look at how to monitor Event Grid Data coming into our PowerShell Function, learn how to read the data to create Event Grid Filters, and work through a live example of leveraging Event Grid Subscriptions with our PowerShell Function to modify Resource Creation behavior.