Business events and Azure Event Grid
This topic explains how to configure a Microsoft Azure Event Grid endpoint, and how to consume a business event from Event Grid.
Security best practices recommend that you store connection strings outside applications, in an Azure Key Vault drive, and that you give applications the correct access to the key vault keys, secrets, or certificates.
Here are two of the many benefits of this approach:
- Someone who gets access to the application database won't be able to get the third-party connection string.
- Maintenance is easier, especially when multiple applications access the same resources, because you must update connection strings in only one place.
Here is an overview of the procedures that you must complete:
- Create a new event grid topic.
- Create a new key vault to store the key for the event grid topic.
- Register an Azure app that has permission to access the key vault.
- Configure the parameters of the endpoint.
- Consume the business event.
Procedure 1: Create a new event grid topic
Sign in to the Azure portal.
Select All services > Integration > Event Grid Topics.
Select Add to create a new event grid topic. Set the parameters, and then select Create. You can create a new resource group as a container for your lab, or you can use an existing resource group.
After deployment is completed, select the new event grid. On the property blade, select Overview, and make a note of the Topic Endpoint value. You will need this value later.
Back on the property blade, select Access keys, and copy the Key 1 value. You will need this value when you configure the key vault in the next procedure.
Procedure 2: Create a key vault
In this procedure, you will create a key vault to store the key that you copied in the previous procedure. A key vault is a secure drive that is used to store keys, secrets, and certificates. Instead of storing the connection string, a more typical and more secure approach is to store it in a key vault. You can then register a new application with Azure Active Directory (Azure AD) and grant it the right to retrieve the secret from the key vault.
In the Azure portal, select All services > Security > Key vaults.
Create a new key vault in your resource group and set the default parameters.
Select Overview, then copy and save the DNS Name value for the key vault. You will use this value later.
Select BE-key vault > Secrets > Generate/Import. Enter a name for your secret, and paste the event grid connection string that you saved earlier.
Procedure 3: Register a new application
In this procedure, you will register a new application with Azure AD, and give it read and retrieve access to key vault secrets. The application will then use this application to retrieve event grid secrets.
In the Azure portal, select All services > Security > Azure Active Directory.
Select App registrations (preview) > New registration, and then enter a name for your application.
Select your new application, and then select Certificates & secrets > New client secret. Enter a name for your secret, and set the secret so that it never expires. Then select Add.
Copy and save your new secret. You will use it later.
Secrets are visible only one time. If you forget to copy the secret, you will have to delete it and create a new secret.
Select Overview, and copy and save the application ID. You will use this value later.
Select All services > Security > Key vaults.
Select the key vault that you created earlier, and then select Access policies > Add new.
On the Principal blade, select your new registered application. Select the check boxes for the Get and List secret permissions to retrieve key vault secrets.
Save your new access policy.
Procedure 4: Configure a Business Events endpoint
Sign in to the application and go to System administration > Setup > Business events.
Select Azure Event Grid.
Set the required parameter values.
Procedure 5: Consume a business event
The business scenario involves sending an email message whenever a free text invoice is posted for the USMF company. The message must contain details such as the customer account number, the customer name, and the total amount of the invoice.
Select the business event catalog and look for free text invoice posted business event.
Then activate the business event for USMF company. Once activated, a test message is sent to validate the configuration and cache the connection.
To verify that the test message has been received, in the Azure portal, select your event grid topic, and then select Metrics. Verify that both the Published Events metric and the Unmatched Events metric show a value of at least 1. If they don't, wait for the batch job to pick up your message.
When both metrics have a value of at least 1, you will create a new logic app to subscribe to your event grid topic.
Select All services > Integration > Logic Apps.
Create a new logic app in your resource group.
After your logic app resource has been created, select the option to create a blank logic app.
Search for Event Grid, and select the When a resource event occurs (preview) trigger.
Select your subscription, select Microsoft.EventGrid.Topics as the resource type, and select the name of the event grid topic that you created in procedure 1.
Select New Step to add a new action.
Search for the Parse Json data operation. This step is required so that the message can be parsed by using the provided schema for the data contract.
Click in the Content field of the Parse Json action. The pane that appears gives you the option form the previous trigger. You must select the Data object field of the event grid message that contains the payload that is transmitted by Finance and Operations.
Next, you must enter the provided schema for the contract. This is only a sample payload. However, you can use a capability of Azure Logic Apps to generate a schema from a payload.
Select your event in the business event catalog, and then select the Download schema link. A text file is downloaded. Open the text file, and copy the contents.
Go back to Logic Apps, and select the Use sample payload to generate schema link. Paste the contents of the text file, and then select Done.
Next, you will select a final action, such as sending a notification email that includes customer payment details.
Search for the send email action, and then sign in to your Microsoft 365 account.
Fill in the message with the required fields.
Save your logic app.
Trigger the business event by posting a customer payment. Then verify that the logic app runs, and that you receive an email that includes customer payment details.