Event grid for tracking the Azure Resource group tag changes

  • Question

  • Hi,

    I have a scenario where I want to track changes in Azure resource group tags using Event Grid.

    Depending on which tags were modified, I want to take some action.

    How to do this?

    If I have more than one subscription and more resource groups inside those subscriptions, how do I need to handle that?

    Thanks

    Thursday, April 2, 2020 12:33 PM

All replies

  • Azure subscriptions and resource groups emit the same event types. The event types are related to resource changes or actions. The primary difference is that resource groups emit events for resources within the resource group, and Azure subscriptions emit events for resources across the subscription.

    Resource events are created for PUT, PATCH, POST, and DELETE operations that are sent to management.azure.com.

    When you subscribe to events for a resource group, your endpoint receives all events for that resource group. The events can include events you want to see, such as updating a virtual machine, but also events that maybe aren't important to you, such as writing a new entry in the deployment history. You can receive all events at your endpoint and write code that processes the events you want to handle. Or, you can set a filter when creating the event subscription.

    Example:

    The following example shows the schema for a ResourceWriteSuccess event. The same schema is used for ResourceWriteFailure and ResourceWriteCancel events with different values for eventType.

    [{
      "subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "eventType": "Microsoft.Resources.ResourceWriteSuccess",
      "eventTime": "2018-07-19T18:38:04.6117357Z",
      "id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
      "data": {
        "authorization": {
          "scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
          "action": "Microsoft.Storage/storageAccounts/write",
          "evidence": {
            "role": "Subscription Admin"
          }
        },
        "claims": {
          "aud": "{audience-claim}",
          "iss": "{issuer-claim}",
          "iat": "{issued-at-claim}",
          "nbf": "{not-before-claim}",
          "exp": "{expiration-claim}",
          "_claim_names": "{\"groups\":\"src1\"}",
          "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
          "http://schemas.microsoft.com/claims/authnclassreference": "1",
          "aio": "{token}",
          "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
          "appid": "{ID}",
          "appidacr": "2",
          "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
          "e_exp": "{expiration}",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
          "ipaddr": "{IP-address}",
          "name": "{full-name}",
          "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
          "onprem_sid": "{ID}",
          "puid": "{ID}",
          "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
          "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
          "uti": "{ID}",
          "ver": "1.0"
        },
        "correlationId": "{ID}",
        "resourceProvider": "Microsoft.Storage",
        "resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
        "operationName": "Microsoft.Storage/storageAccounts/write",
        "status": "Succeeded",
        "subscriptionId": "{subscription-id}",
        "tenantId": "{tenant-id}"
      },
      "dataVersion": "2",
      "metadataVersion": "1",
      "topic": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}"
    }]

    For more info, follow the doc https://docs.microsoft.com/en-us/azure/event-grid/event-schema-resource-groups

    Friday, April 3, 2020 3:04 AM
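
The "write code that processes the events you want to handle" option from the reply, as an added example that is not part of the original thread: it keeps only successful writes aimed at a resource group itself and records the subscription, the group and the caller claims, so one handler can serve event subscriptions from several Azure subscriptions. The two operation names, the `tags/default` URI shape and all sample values are assumptions; the schema shown above has no field carrying tag values, so reading the current tags is left to the caller.

```python
import re

WRITE_SUCCESS = "Microsoft.Resources.ResourceWriteSuccess"
# Assumed operation names for a write to a resource group or to its tags;
# confirm them against events captured from your own subscriptions.
TAG_WRITE_OPS = {
    "microsoft.resources/subscriptions/resourcegroups/write",
    "microsoft.resources/tags/write",
}
# Matches the resource group itself (optionally its tags/default child, an
# assumed URI shape), never a resource inside the group. Case-insensitive
# because the sample event spells both "resourcegroups" and "resourceGroups".
RG_URI = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourcegroups/(?P<rg>[^/]+)"
    r"(?:/providers/microsoft\.resources/tags/default)?/?$",
    re.IGNORECASE,
)

def resource_group_writes(events):
    """Return one record per successful write aimed at a resource group."""
    hits = []
    for ev in events:
        data = ev.get("data") or {}
        op = str(data.get("operationName", "")).lower()
        m = RG_URI.match(str(data.get("resourceUri", "")))
        if ev.get("eventType") != WRITE_SUCCESS or op not in TAG_WRITE_OPS or not m:
            continue
        claims = data.get("claims") or {}
        hits.append({
            "subscription": m.group("sub").lower(),
            "resource_group": m.group("rg").lower(),
            "caller": claims.get("name"),
            "caller_ip": claims.get("ipaddr"),
        })
    return hits

def sample_event(uri, op, etype=WRITE_SUCCESS):  # builds a constructed event
    return {"eventType": etype, "data": {
        "resourceUri": uri, "operationName": op,
        "claims": {"name": "Example User", "ipaddr": "203.0.113.7"}}}

RG = "/subscriptions/sub-a/resourcegroups/rg-app"
SAMPLE = [  # constructed: two subscriptions, one noise event, one failed write
    sample_event(RG, "Microsoft.Resources/subscriptions/resourceGroups/write"),
    sample_event("/subscriptions/sub-b/resourceGroups/RG-Data/providers/Microsoft.Resources/tags/default",
                 "Microsoft.Resources/tags/write"),
    sample_event(RG + "/providers/Microsoft.Storage/storageAccounts/st1", "Microsoft.Storage/storageAccounts/write"),
    sample_event(RG, "Microsoft.Resources/subscriptions/resourceGroups/write", "Microsoft.Resources.ResourceWriteFailure"),
]
```

Calling `resource_group_writes(SAMPLE)` keeps the two resource group writes and drops the storage account write and the failed write.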