question

ajkuma-MSFT avatar image
0 Votes"
ajkuma-MSFT asked dixitaro-MSFT answered

Event grid for tracking the Azure Resource group changes

I have scenario where I wanted to track the changes in Azure resource group tags using event grid.

Which are all the tags modified accordingly I wanted to take some action

How to do this? If I have more than one subscription and more resource groups inside those subscriptions then How do I need to handle?

[Note: As we migrate from MSDN, this question has been posted by an Azure Cloud Engineer as a frequently asked question]

Source : MSDN Thread Link



azure-event-grid
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

dixitaro-MSFT avatar image
0 Votes"
dixitaro-MSFT answered

Azure subscriptions and resource groups emit the same event types. The event types are related to resource changes or actions. The primary difference is that resource groups emit events for resources within the resource group, and Azure subscriptions emit events for resources across the subscription.

Resource events are created for PUT, PATCH, POST, and DELETE operations that are sent to management.azure.com

When you subscribe to events for a resource group, your endpoint receives all events for that resource group. The events can include event you want to see, such as updating a virtual machine, but also events that maybe aren't important to you, such as writing a new entry in the deployment history. You can receive all events at your endpoint and write code that processes the events you want to handle. Or, you can set a filter when creating the event subscription.

Ex .

The following example shows the schema for a ResourceWriteSuccess event. The same schema is used for ResourceWriteFailure and ResourceWriteCancel events with different values for eventType


 [{
   "subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
   "eventType": "Microsoft.Resources.ResourceWriteSuccess",
   "eventTime": "2018-07-19T18:38:04.6117357Z",
   "id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
   "data": {
     "authorization": {
       "scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
       "action": "Microsoft.Storage/storageAccounts/write",
       "evidence": {
         "role": "Subscription Admin"
       }
     },
     "claims": {
       "aud": "{audience-claim}",
       "iss": "{issuer-claim}",
       "iat": "{issued-at-claim}",
       "nbf": "{not-before-claim}",
       "exp": "{expiration-claim}",
       "_claim_names": "{\"groups\":\"src1\"}",
       "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
       "http://schemas.microsoft.com/claims/authnclassreference": "1",
       "aio": "{token}",
       "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
       "appid": "{ID}",
       "appidacr": "2",
       "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
       "e_exp": "{expiration}",
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
       "ipaddr": "{IP-address}",
       "name": "{full-name}",
       "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
       "onprem_sid": "{ID}",
       "puid": "{ID}",
       "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
       "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
       "uti": "{ID}",
       "ver": "1.0"
     },
     "correlationId": "{ID}",
     "resourceProvider": "Microsoft.Storage",
     "resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
     "operationName": "Microsoft.Storage/storageAccounts/write",
     "status": "Succeeded",
     "subscriptionId": "{subscription-id}",
     "tenantId": "{tenant-id}"
   },
   "dataVersion": "2",
   "metadataVersion": "1",
   "topic": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}"
 }]

For more info, follow the doc https://docs.microsoft.com/en-us/azure/event-grid/event-schema-resource-groups

Source : MSDN Thread Link



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.