0
votes

I'm unable to search for and assign an Event Grid SAMI to a Storage Account. It doesn't appear when searched for unless I select Users instead of Managed Identity.

1. Azure Storage account (ADLS Gen2 w/ hierarchical namespaces)

  • stgstackoverflowtest

2. Create a new Queue

  • stgqueue


3. Create New Event and Subscription

  • Source: stgstackoverflowtest
  • Trigger: When blob created
  • Destination: stgqueue


4. Enable System Assigned Managed Identity (SAMI) for EventGrid system topic


5. Add SAMI as Owner to Storage Account

  • Herein lies the problem(?). I can't select the SAMI because there is no option for "Event Grid"
  • If instead of "Managed Identity", I select "Users" I'm able to locate the Event Grid system topic and add as owner


1 Answers

1
votes

You can do it from within the Event Grid Topic resource. Go to the blade Identity and then click the button Azure role assignments. From there it will show the way itself.

Alternatively, PowerShell and the Azure CLI commands would also work. An example using the CLI:

```powershell
az role assignment create `
--assignee <GUID of the managed identity> `
--role 'Storage Queue Data Contributor' `
--scope /subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.Storage/storageAccounts/<storage>
```
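
The same CLI route carried through end to end, as an added example that is not part of the answer above: it looks up the system topic's identity instead of pasting the GUID, and grants a narrower role than the answer's (the built-in Storage Queue Data Message Sender, scoped to the one queue rather than the whole account). The resource group and system topic names are placeholders the page does not give; the storage account and queue names are the ones from the question.

```powershell
# Added example. Values in angle brackets are placeholders (assumptions); replace them.
$rg      = '<resourcegroup>'        # resource group holding both resources (assumed)
$topic   = '<system topic name>'    # Event Grid system topic; name not given on the page
$storage = 'stgstackoverflowtest'   # storage account from the question
$queue   = 'stgqueue'               # destination queue from the question

# 1. Read the object ID of the topic's system-assigned managed identity.
$principalId = az eventgrid system-topic show `
    --name $topic --resource-group $rg `
    --query identity.principalId --output tsv
if ([string]::IsNullOrWhiteSpace($principalId)) {
    throw "System topic '$topic' has no system-assigned identity enabled."
}

# 2. Build a scope that covers only the destination queue, not the whole account.
$storageId = az storage account show `
    --name $storage --resource-group $rg `
    --query id --output tsv
if ([string]::IsNullOrWhiteSpace($storageId)) {
    throw "Storage account '$storage' was not found in resource group '$rg'."
}
$scope = "$storageId/queueServices/default/queues/$queue"

# 3. Assign the role by object ID. Stating the principal type avoids a directory
#    lookup that can fail right after the identity has been created.
az role assignment create `
    --assignee-object-id $principalId `
    --assignee-principal-type ServicePrincipal `
    --role 'Storage Queue Data Message Sender' `
    --scope $scope
if ($LASTEXITCODE -ne 0) { throw 'Role assignment failed.' }

# 4. Confirm what the identity now holds at that scope.
az role assignment list --assignee $principalId --scope $scope --output table
```

Role assignments can take a few minutes to propagate, so the first events delivered after step 3 may still be rejected.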