Creating an event subscription for Azure storage account in Terraform

Question

I am trying to create the following resources in Azure using Terraform and Terraform provider for Azure.

Create a storage account for blob storage.
Create an event subscription that will raise events on blob activity.

When running the terraform scripts i get the following error

Error: Error creating/updating EventGrid Event Subscription "evtFileReceived" (Scope "/subscriptions/c17cf5ee-d3d7-4f64-b863-f2a4d6948594/resourceGroups/dominos-doodle"): eventgrid.EventSubscriptionsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidRequest" Message="The specified topic property does not match the expected topic from the event subscription scope."

How shoud i fix it ?. Google search didn't gave any results.

The script that generated the error is as follows. The step that throwed the error is terraform apply

Obviously one way is to use the ARM templates to achieve this, but i am trying to see if it can be created using native Terraform scripts. I referred to Terraform Docs and created the following.

variable "inp_resource_group_name" { }
variable "inp_geo_location" { }
variable "inp_account_name" { }
variable "inp_az_subscription_id" { }
variable "inp_resource_group_id" { }

resource "azurerm_storage_account" "cave" {
  name                     = var.inp_account_name
  resource_group_name      = var.inp_resource_group_name
  location                 = var.inp_geo_location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
}

resource "azurerm_storage_container" "validName" {
  name                  = validName"
  resource_group_name   = var.inp_resource_group_name
  storage_account_name  = var.inp_account_name
  container_access_type = "blob"
}

resource "azurerm_eventgrid_event_subscription" "evtFileReceived" {
  name  = "evtFileReceived"
  scope = var.inp_resource_group_id
  topic_name="/subscriptions/${var.inp_az_subscription_id}/resourceGroups/${var.inp_resource_group_name}/providers/Microsoft.Storage/storageAccounts/{var.inp_account_name}"
  webhook_endpoint {
    url = "https://myendpoint.that.works.well.across.all.osi.layers"
  }
}

Nancy Xiong Nancy Xiong · Accepted Answer · 2020-01-13T07:54:10

According to the error message, it indicates that the topic_name property in resource azurerm_eventgrid_event_subscription does not match the expected topic from the event subscription scope.

In this case, the scope should be created at the storage account level as the topic is associated with a storage account resource. It will like this:

resource "azurerm_eventgrid_event_subscription" "evtFileReceived" {
  name  = "evtFileReceived"
  scope = ${azurerm_storage_account.cave.id}
  topic_name="/subscriptions/${var.inp_az_subscription_id}/resourceGroups/${var.inp_resource_group_name}/providers/Microsoft.Storage/storageAccounts/{azurerm_storage_account.cave.name}"
  webhook_endpoint {
    url = "https://myendpoint.that.works.well.across.all.osi.layers"
  }
}

Or, refer to this GitHub issue, you could use the scope with the id of the eventgrid topic.

Realized that the resource group in this case is an art from a topic type to subscribe and not a reference where to create the subscription resource. It seems that "topic_name" and "resource_group_name" are deprecated parameters. Use "scope" instead with the id of the eventgrid topic.

It will like this:

resource "azurerm_eventgrid_topic" "example" {
  name                = "my-eventgrid-topic"
  location            = "${azurerm_resource_group.default.location}"
  resource_group_name = "${azurerm_resource_group.default.name}"

}

resource "azurerm_eventgrid_event_subscription" "evtFileReceived" {
  name  = "evtFileReceived"
  scope = "${azurerm_eventgrid_topic.example.id}"

 webhook_endpoint {
        url = "https://myendpoint.that.works.well.across.all.osi.layers"
      }

}

Please let me know if this works or need further help.

Creating an event subscription for Azure storage account in Terraform

2 Answers