Microsoft.EventGrid topics

Bicep resource definition

The topics resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.EventGrid/topics resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.EventGrid/topics@2025-07-15-preview' = {
  extendedLocation: {
    name: 'string'
    type: 'string'
  }
  identity: {
    principalId: 'string'
    tenantId: 'string'
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {
        clientId: 'string'
        principalId: 'string'
      }
    }
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    dataResidencyBoundary: 'string'
    disableLocalAuth: bool
    encryption: {
      customerManagedKeyEncryption: [
        {
          keyEncryptionKeyIdentity: {
            type: 'string'
            userAssignedIdentityResourceId: 'string'
          }
          keyEncryptionKeyUrl: 'string'
        }
      ]
    }
    eventTypeInfo: {
      inlineEventTypes: {
        {customized property}: {
          dataSchemaUrl: 'string'
          description: 'string'
          displayName: 'string'
          documentationUrl: 'string'
        }
      }
      kind: 'string'
    }
    inboundIpRules: [
      {
        action: 'string'
        ipMask: 'string'
      }
    ]
    inputSchema: 'string'
    inputSchemaMapping: {
      inputSchemaMappingType: 'string'
      // For remaining properties, see InputSchemaMapping objects
    }
    minimumTlsVersionAllowed: 'string'
    platformCapabilities: {
      confidentialCompute: {
        mode: 'string'
      }
    }
    publicNetworkAccess: 'string'
  }
  sku: {
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

InputSchemaMapping objects

Set the inputSchemaMappingType property to specify the type of object.

For Json, use:

{
  inputSchemaMappingType: 'Json'
  properties: {
    dataVersion: {
      defaultValue: 'string'
      sourceField: 'string'
    }
    eventTime: {
      sourceField: 'string'
    }
    eventType: {
      defaultValue: 'string'
      sourceField: 'string'
    }
    id: {
      sourceField: 'string'
    }
    subject: {
      defaultValue: 'string'
      sourceField: 'string'
    }
    topic: {
      sourceField: 'string'
    }
  }
}

Property Values

Microsoft.EventGrid/topics

Name Description Value
extendedLocation Extended location of the resource. ExtendedLocation
identity Identity information for the resource. IdentityInfo
kind Kind of the resource. 'Azure'
'AzureArc'
location Location of the resource. string (required)
name The resource name string (required)
properties Properties of the topic. TopicProperties
sku The Sku pricing tier for the topic. ResourceSku
tags Resource tags Dictionary of tag names and values. See Tags in templates

ConfidentialCompute

Name Description Value
mode This property specifies the mode of the Azure Confidential Compute configuration.
Possible values are 'Disabled' or 'Enabled'.
This is an immutable property set at the time of resource creation and cannot be modified later.
Enabling this property ensures that messages are processed and stored in an Azure Confidential Compute environment.
'Disabled'
'Enabled' (required)

CustomerManagedKeyEncryption

Name Description Value
keyEncryptionKeyIdentity All identity configuration for Customer-managed key settings defining which identity should be used to authenticate to Key Vault. This is an optional property.
When not specified, the SystemAssigned identity will be used.
KeyEncryptionKeyIdentity
keyEncryptionKeyUrl Key encryption key URL. This URL can be either versioned (e.g., https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78), or unversioned (e.g., https://contosovault.vault.azure.net/keys/contosokek). When a versioned URL is used, Event Grid Runtime keeps using that version of the key even if the key is rotated. It is the user's responsibility to update the URL with the new version by updating the namespace resource. When a URL without a version is used, Event Grid queries for the latest version and uses it automatically.
string (required)

EventTypeInfo

Name Description Value
inlineEventTypes A collection of inline event types for the resource. The inline event type keys are of type string which represents the name of the event.
An example of a valid inline event name is "Contoso.OrderCreated".
The inline event type values are of type InlineEventProperties and will contain additional information for every inline event type.
EventTypeInfoInlineEventTypes
kind The kind of event type used. 'Inline'

EventTypeInfoInlineEventTypes

Name Description Value

ExtendedLocation

Name Description Value
name Fully qualified name of the extended location. string
type Type of the extended location. string

IdentityInfo

Name Description Value
principalId The principal ID of resource identity. string
tenantId The tenant ID of resource. string
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form:
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
This property is currently not used and reserved for future usage.
IdentityInfoUserAssignedIdentities

IdentityInfoUserAssignedIdentities

Name Description Value

InboundIpRule

Name Description Value
action Action to perform based on the match or no match of the IpMask. 'Allow'
ipMask IP Address in CIDR notation e.g., 10.0.0.0/8. string

InlineEventProperties

Name Description Value
dataSchemaUrl The dataSchemaUrl for the inline event. string
description The description for the inline event. string
displayName The displayName for the inline event. string
documentationUrl The documentationUrl for the inline event. string

InputSchemaMapping

Name Description Value
inputSchemaMappingType Set to 'Json' for type JsonInputSchemaMapping. 'Json' (required)

JsonField

Name Description Value
sourceField Name of a field in the input event schema that's to be used as the source of a mapping. string

JsonFieldWithDefault

Name Description Value
defaultValue The default value to be used for mapping when a SourceField is not provided or if there's no property with the specified name in the published JSON event payload. string
sourceField Name of a field in the input event schema that's to be used as the source of a mapping. string

JsonInputSchemaMapping

Name Description Value
inputSchemaMappingType Type of the custom mapping 'Json' (required)
properties JSON Properties of the input schema mapping JsonInputSchemaMappingProperties

JsonInputSchemaMappingProperties

Name Description Value
dataVersion The mapping information for the DataVersion property of the Event Grid Event. JsonFieldWithDefault
eventTime The mapping information for the EventTime property of the Event Grid Event. JsonField
eventType The mapping information for the EventType property of the Event Grid Event. JsonFieldWithDefault
id The mapping information for the Id property of the Event Grid Event. JsonField
subject The mapping information for the Subject property of the Event Grid Event. JsonFieldWithDefault
topic The mapping information for the Topic property of the Event Grid Event. JsonField

KeyEncryption

Name Description Value
customerManagedKeyEncryption List of all customer-managed key encryption properties for the resource. However only one key is supported at a time. CustomerManagedKeyEncryption[] (required)

KeyEncryptionKeyIdentity

Name Description Value
type The type of managed identity used. Only UserAssigned or SystemAssigned Identity are supported. 'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentityResourceId Azure Resource fully qualified Id for the user-assigned identity associated with the resource. The resource Id takes the following format:
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
string

PlatformCapabilities

Name Description Value
confidentialCompute Represents the Azure Confidential Compute properties of the resource. ConfidentialCompute

ResourceSku

Name Description Value
name The Sku name of the resource. The possible values are: Basic or Premium. 'Basic'
'Premium'

TopicProperties

Name Description Value
dataResidencyBoundary Data Residency Boundary of the resource. 'WithinGeopair'
'WithinRegion'
disableLocalAuth This boolean is used to enable or disable local auth. Default value is false. When the property is set to true, only a Microsoft Entra ID token is used to authenticate whether the user is allowed to publish to the topic. bool
encryption Key encryption configuration properties of the topic resource. This is an optional property. When not specified, no key encryption is used. KeyEncryption
eventTypeInfo Event Type Information for the user topic. This information is provided by the publisher and can be used by the
subscriber to view different types of events that are published.
EventTypeInfo
inboundIpRules This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. InboundIpRule[]
inputSchema This determines the format that Event Grid should expect for incoming events published to the topic. 'CloudEventSchemaV1_0'
'CustomEventSchema'
'EventGridSchema'
inputSchemaMapping This enables publishing using custom event schemas. An InputSchemaMapping can be specified to map various properties of a source schema to various required properties of the EventGridEvent schema. InputSchemaMapping
minimumTlsVersionAllowed Minimum TLS version of the publisher allowed to publish to this topic '1.0'
'1.1'
'1.2'
platformCapabilities Represents the platform capabilities of the resource, including Azure Confidential Compute related properties. PlatformCapabilities
publicNetworkAccess This determines if traffic is allowed over public network. By default it is enabled.
You can further restrict to specific IPs by configuring inboundIpRules.
'Disabled'
'Enabled'
'SecuredByPerimeter'

TrackedResourceTags

Name Description Value

UserIdentityProperties

Name Description Value
clientId The client id of user assigned identity. string
principalId The principal id of user assigned identity. string

Usage Examples

Bicep Samples

A basic example of deploying EventGrid Topic.

param resourceName string = 'acctest0001'
param location string = 'westeurope'

resource topic 'Microsoft.EventGrid/topics@2021-12-01' = {
  name: resourceName
  location: location
  properties: {
    disableLocalAuth: false
    inputSchema: 'EventGridSchema'
    inputSchemaMapping: null
    publicNetworkAccess: 'Enabled'
  }
}
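
A hardened counterpart to the basic sample, added here as an example (it is not one of the page's or Microsoft's samples). It uses only properties documented in the TopicProperties table above; the `allowedPublisherCidrs` parameter and the `usePublicEndpoint` variable are assumptions of this example.

```bicep
// Added example, not part of the original page.
param resourceName string = 'acctest0001'
param location string = 'westeurope'

// Assumed parameter: publisher egress ranges in CIDR notation, e.g. ['10.0.0.0/8'].
// Leave empty to close the public endpoint entirely.
param allowedPublisherCidrs array = []

// inboundIpRules are considered only if publicNetworkAccess is 'Enabled',
// so the public endpoint is opened only when at least one range is supplied.
var usePublicEndpoint = !empty(allowedPublisherCidrs)

resource topic 'Microsoft.EventGrid/topics@2025-07-15-preview' = {
  name: resourceName
  location: location
  properties: {
    // Only Microsoft Entra ID tokens are accepted for publishing;
    // access keys and SAS tokens are rejected.
    disableLocalAuth: true

    // Refuse publishers that negotiate TLS 1.0 or 1.1.
    minimumTlsVersionAllowed: '1.2'

    // With 'Disabled', publishers need private connectivity
    // (for example a private endpoint) to reach the topic.
    publicNetworkAccess: usePublicEndpoint ? 'Enabled' : 'Disabled'

    // One 'Allow' rule per supplied range; 'Allow' is the only documented action.
    inboundIpRules: [for cidr in allowedPublisherCidrs: {
      action: 'Allow'
      ipMask: cidr
    }]

    inputSchema: 'EventGridSchema'
  }
}
```

Publishers that still authenticate with access keys fail once `disableLocalAuth` is `true`, so move them to Entra ID tokens before applying this to an existing topic.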

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Event Grid Topic AVM Resource Module for Event Grid Topic

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Create Azure Event Grid Custom Topic and Queue Subscription Creates an Azure Event Grid custom topic and a service bus queue subscription. Template originally authored by Markus Meyer.
Create Azure Event Grid Custom Topic and Subscription Creates an Azure Event Grid custom topic and a webhook subscription. Template originally authored by John Downs.

ARM template resource definition

The topics resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.EventGrid/topics resource, add the following JSON to your template.

{
  "type": "Microsoft.EventGrid/topics",
  "apiVersion": "2025-07-15-preview",
  "name": "string",
  "extendedLocation": {
    "name": "string",
    "type": "string"
  },
  "identity": {
    "principalId": "string",
    "tenantId": "string",
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
        "clientId": "string",
        "principalId": "string"
      }
    }
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "dataResidencyBoundary": "string",
    "disableLocalAuth": "bool",
    "encryption": {
      "customerManagedKeyEncryption": [
        {
          "keyEncryptionKeyIdentity": {
            "type": "string",
            "userAssignedIdentityResourceId": "string"
          },
          "keyEncryptionKeyUrl": "string"
        }
      ]
    },
    "eventTypeInfo": {
      "inlineEventTypes": {
        "{customized property}": {
          "dataSchemaUrl": "string",
          "description": "string",
          "displayName": "string",
          "documentationUrl": "string"
        }
      },
      "kind": "string"
    },
    "inboundIpRules": [
      {
        "action": "string",
        "ipMask": "string"
      }
    ],
    "inputSchema": "string",
    "inputSchemaMapping": {
      "inputSchemaMappingType": "string"
      // For remaining properties, see InputSchemaMapping objects
    },
    "minimumTlsVersionAllowed": "string",
    "platformCapabilities": {
      "confidentialCompute": {
        "mode": "string"
      }
    },
    "publicNetworkAccess": "string"
  },
  "sku": {
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

InputSchemaMapping objects

Set the inputSchemaMappingType property to specify the type of object.

For Json, use:

{
  "inputSchemaMappingType": "Json",
  "properties": {
    "dataVersion": {
      "defaultValue": "string",
      "sourceField": "string"
    },
    "eventTime": {
      "sourceField": "string"
    },
    "eventType": {
      "defaultValue": "string",
      "sourceField": "string"
    },
    "id": {
      "sourceField": "string"
    },
    "subject": {
      "defaultValue": "string",
      "sourceField": "string"
    },
    "topic": {
      "sourceField": "string"
    }
  }
}

Property Values

Microsoft.EventGrid/topics

Name Description Value
apiVersion The api version '2025-07-15-preview'
extendedLocation Extended location of the resource. ExtendedLocation
identity Identity information for the resource. IdentityInfo
kind Kind of the resource. 'Azure'
'AzureArc'
location Location of the resource. string (required)
name The resource name string (required)
properties Properties of the topic. TopicProperties
sku The Sku pricing tier for the topic. ResourceSku
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.EventGrid/topics'

ConfidentialCompute

Name Description Value
mode This property specifies the mode of the Azure Confidential Compute configuration.
Possible values are 'Disabled' or 'Enabled'.
This is an immutable property set at the time of resource creation and cannot be modified later.
Enabling this property ensures that messages are processed and stored in an Azure Confidential Compute environment.
'Disabled'
'Enabled' (required)

CustomerManagedKeyEncryption

Name Description Value
keyEncryptionKeyIdentity All identity configuration for Customer-managed key settings defining which identity should be used to authenticate to Key Vault. This is an optional property.
When not specified, the SystemAssigned identity will be used.
KeyEncryptionKeyIdentity
keyEncryptionKeyUrl Key encryption key URL. This URL can be either versioned (e.g., https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78), or unversioned (e.g., https://contosovault.vault.azure.net/keys/contosokek). When a versioned URL is used, Event Grid Runtime keeps using that version of the key even if the key is rotated. It is the user's responsibility to update the URL with the new version by updating the namespace resource. When a URL without a version is used, Event Grid queries for the latest version and uses it automatically.
string (required)

EventTypeInfo

Name Description Value
inlineEventTypes A collection of inline event types for the resource. The inline event type keys are of type string which represents the name of the event.
An example of a valid inline event name is "Contoso.OrderCreated".
The inline event type values are of type InlineEventProperties and will contain additional information for every inline event type.
EventTypeInfoInlineEventTypes
kind The kind of event type used. 'Inline'

EventTypeInfoInlineEventTypes

Name Description Value

ExtendedLocation

Name Description Value
name Fully qualified name of the extended location. string
type Type of the extended location. string

IdentityInfo

Name Description Value
principalId The principal ID of resource identity. string
tenantId The tenant ID of resource. string
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form:
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
This property is currently not used and reserved for future usage.
IdentityInfoUserAssignedIdentities

IdentityInfoUserAssignedIdentities

Name Description Value

InboundIpRule

Name Description Value
action Action to perform based on the match or no match of the IpMask. 'Allow'
ipMask IP Address in CIDR notation e.g., 10.0.0.0/8. string

InlineEventProperties

Name Description Value
dataSchemaUrl The dataSchemaUrl for the inline event. string
description The description for the inline event. string
displayName The displayName for the inline event. string
documentationUrl The documentationUrl for the inline event. string

InputSchemaMapping

Name Description Value
inputSchemaMappingType Set to 'Json' for type JsonInputSchemaMapping. 'Json' (required)

JsonField

Name Description Value
sourceField Name of a field in the input event schema that's to be used as the source of a mapping. string

JsonFieldWithDefault

Name Description Value
defaultValue The default value to be used for mapping when a SourceField is not provided or if there's no property with the specified name in the published JSON event payload. string
sourceField Name of a field in the input event schema that's to be used as the source of a mapping. string

JsonInputSchemaMapping

Name Description Value
inputSchemaMappingType Type of the custom mapping 'Json' (required)
properties JSON Properties of the input schema mapping JsonInputSchemaMappingProperties

JsonInputSchemaMappingProperties

Name Description Value
dataVersion The mapping information for the DataVersion property of the Event Grid Event. JsonFieldWithDefault
eventTime The mapping information for the EventTime property of the Event Grid Event. JsonField
eventType The mapping information for the EventType property of the Event Grid Event. JsonFieldWithDefault
id The mapping information for the Id property of the Event Grid Event. JsonField
subject The mapping information for the Subject property of the Event Grid Event. JsonFieldWithDefault
topic The mapping information for the Topic property of the Event Grid Event. JsonField

KeyEncryption

Name Description Value
customerManagedKeyEncryption List of all customer-managed key encryption properties for the resource. However only one key is supported at a time. CustomerManagedKeyEncryption[] (required)

KeyEncryptionKeyIdentity

Name Description Value
type The type of managed identity used. Only UserAssigned or SystemAssigned Identity are supported. 'SystemAssigned'
'UserAssigned' (required)
userAssignedIdentityResourceId Azure Resource fully qualified Id for the user-assigned identity associated with the resource. The resource Id takes the following format:
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
string

PlatformCapabilities

Name Description Value
confidentialCompute Represents the Azure Confidential Compute properties of the resource. ConfidentialCompute

ResourceSku

Name Description Value
name The Sku name of the resource. The possible values are: Basic or Premium. 'Basic'
'Premium'

TopicProperties

Name Description Value
dataResidencyBoundary Data Residency Boundary of the resource. 'WithinGeopair'
'WithinRegion'
disableLocalAuth This boolean is used to enable or disable local auth. Default value is false. When the property is set to true, only a Microsoft Entra ID token is used to authenticate whether the user is allowed to publish to the topic. bool
encryption Key encryption configuration properties of the topic resource. This is an optional property. When not specified, no key encryption is used. KeyEncryption
eventTypeInfo Event Type Information for the user topic. This information is provided by the publisher and can be used by the
subscriber to view different types of events that are published.
EventTypeInfo
inboundIpRules This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. InboundIpRule[]
inputSchema This determines the format that Event Grid should expect for incoming events published to the topic. 'CloudEventSchemaV1_0'
'CustomEventSchema'
'EventGridSchema'
inputSchemaMapping This enables publishing using custom event schemas. An InputSchemaMapping can be specified to map various properties of a source schema to various required properties of the EventGridEvent schema. InputSchemaMapping
minimumTlsVersionAllowed Minimum TLS version of the publisher allowed to publish to this topic '1.0'
'1.1'
'1.2'
platformCapabilities Represents the platform capabilities of the resource, including Azure Confidential Compute related properties. PlatformCapabilities
publicNetworkAccess This determines if traffic is allowed over public network. By default it is enabled.
You can further restrict to specific IPs by configuring inboundIpRules.
'Disabled'
'Enabled'
'SecuredByPerimeter'

TrackedResourceTags

Name Description Value

UserIdentityProperties

Name Description Value
clientId The client id of user assigned identity. string
principalId The principal id of user assigned identity. string

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Create Azure Event Grid Custom Topic and Queue Subscription Creates an Azure Event Grid custom topic and a service bus queue subscription. Template originally authored by Markus Meyer.
Create Azure Event Grid Custom Topic and Subscription Creates an Azure Event Grid custom topic and a webhook subscription. Template originally authored by John Downs.
Create Azure Event Grid Custom Topic Subscription Creates an Azure Event Grid custom topic and a service bus topic subscription. Template originally authored by Markus Meyer.
Create Event Grid custom topic and event hub handler Creates an Azure Event Grid custom topic and event hub to handle the events.
Custom Azure Event Grid Topic/Subscription with CloudEvents Creates a custom Azure Event Grid topic, a webhook subscription having CloudEvents schema, and a Logic App as an event handler. Template originally authored by Justin Yoo.

Terraform (AzAPI provider) resource definition

The topics resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.EventGrid/topics resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.EventGrid/topics@2025-07-15-preview"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    extendedLocation = {
      name = "string"
      type = "string"
    }
    kind = "string"
    properties = {
      dataResidencyBoundary = "string"
      disableLocalAuth = bool
      encryption = {
        customerManagedKeyEncryption = [
          {
            keyEncryptionKeyIdentity = {
              type = "string"
              userAssignedIdentityResourceId = "string"
            }
            keyEncryptionKeyUrl = "string"
          }
        ]
      }
      eventTypeInfo = {
        inlineEventTypes = {
          {customized property} = {
            dataSchemaUrl = "string"
            description = "string"
            displayName = "string"
            documentationUrl = "string"
          }
        }
        kind = "string"
      }
      inboundIpRules = [
        {
          action = "string"
          ipMask = "string"
        }
      ]
      inputSchema = "string"
      inputSchemaMapping = {
        inputSchemaMappingType = "string"
        // For remaining properties, see InputSchemaMapping objects
      }
      minimumTlsVersionAllowed = "string"
      platformCapabilities = {
        confidentialCompute = {
          mode = "string"
        }
      }
      publicNetworkAccess = "string"
    }
    sku = {
      name = "string"
    }
  }
}

InputSchemaMapping objects

Set the inputSchemaMappingType property to specify the type of object.

For Json, use:

{
  inputSchemaMappingType = "Json"
  properties = {
    dataVersion = {
      defaultValue = "string"
      sourceField = "string"
    }
    eventTime = {
      sourceField = "string"
    }
    eventType = {
      defaultValue = "string"
      sourceField = "string"
    }
    id = {
      sourceField = "string"
    }
    subject = {
      defaultValue = "string"
      sourceField = "string"
    }
    topic = {
      sourceField = "string"
    }
  }
}

Property Values

Microsoft.EventGrid/topics

Name Description Value
extendedLocation Extended location of the resource. ExtendedLocation
identity Identity information for the resource. IdentityInfo
kind Kind of the resource. 'Azure'
'AzureArc'
location Location of the resource. string (required)
name The resource name string (required)
properties Properties of the topic. TopicProperties
sku The Sku pricing tier for the topic. ResourceSku
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.EventGrid/topics@2025-07-15-preview"

ConfidentialCompute

Name Description Value
mode This property specifies the mode of the Azure Confidential Compute configuration.
Possible values are 'Disabled' or 'Enabled'.
This is an immutable property set at the time of resource creation and cannot be modified later.
Enabling this property ensures that messages are processed and stored in an Azure Confidential Compute environment.
'Disabled'
'Enabled' (required)

CustomerManagedKeyEncryption

Name Description Value
keyEncryptionKeyIdentity All identity configuration for Customer-managed key settings defining which identity should be used to authenticate to Key Vault. This is an optional property.
When not specified, the SystemAssigned identity will be used.
KeyEncryptionKeyIdentity
keyEncryptionKeyUrl Key encryption key URL. This URL can be either versioned (e.g., https://contosovault.vault.azure.net/keys/contosokek/562a4bb76b524a1493a6afe8e536ee78), or unversioned (e.g., https://contosovault.vault.azure.net/keys/contosokek). When a versioned URL is used, Event Grid Runtime keeps using that version of the key even if the key is rotated. It is the user's responsibility to update the URL with the new version by updating the namespace resource. When a URL without a version is used, Event Grid queries for the latest version and uses it automatically.
string (required)

EventTypeInfo

Name Description Value
inlineEventTypes A collection of inline event types for the resource. The inline event type keys are of type string which represents the name of the event.
An example of a valid inline event name is "Contoso.OrderCreated".
The inline event type values are of type InlineEventProperties and will contain additional information for every inline event type.
EventTypeInfoInlineEventTypes
kind The kind of event type used. 'Inline'

EventTypeInfoInlineEventTypes

Name Description Value

ExtendedLocation

Name Description Value
name Fully qualified name of the extended location. string
type Type of the extended location. string

IdentityInfo

Name Description Value
principalId The principal ID of resource identity. string
tenantId The tenant ID of resource. string
type The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. 'None'
'SystemAssigned'
'SystemAssigned, UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form:
'/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
This property is currently not used and reserved for future usage.
IdentityInfoUserAssignedIdentities

IdentityInfoUserAssignedIdentities

Name Description Value

InboundIpRule

Name Description Value
action Action to perform based on the match or no match of the IpMask. 'Allow'
ipMask IP Address in CIDR notation e.g., 10.0.0.0/8. string

InlineEventProperties

Name Description Value
dataSchemaUrl The dataSchemaUrl for the inline event. string
description The description for the inline event. string
displayName The displayName for the inline event. string
documentationUrl The documentationUrl for the inline event. string

InputSchemaMapping

Name Description Value
inputSchemaMappingType Set to 'Json' for type JsonInputSchemaMapping. 'Json' (required)

JsonField

Name Description Value
sourceField Name of a field in the input event schema that's to be used as the source of a mapping. string

JsonFieldWithDefault

Name Description Value
defaultValue The default value to be used for mapping when a SourceField is not provided or if there's no property with the specified name in the published JSON event payload. string
sourceField Name of a field in the input event schema that's to be used as the source of a mapping. string

JsonInputSchemaMapping

Name Description Value
inputSchemaMappingType Type of the custom mapping 'Json' (required)
properties JSON Properties of the input schema mapping JsonInputSchemaMappingProperties

JsonInputSchemaMappingProperties

Name Description Value
dataVersion The mapping information for the DataVersion property of the Event Grid Event. JsonFieldWithDefault
eventTime The mapping information for the EventTime property of the Event Grid Event. JsonField
eventType The mapping information for the EventType property of the Event Grid Event. JsonFieldWithDefault
id The mapping information for the Id property of the Event Grid Event. JsonField
subject The mapping information for the Subject property of the Event Grid Event. JsonFieldWithDefault
topic The mapping information for the Topic property of the Event Grid Event. JsonField

KeyEncryption

Name Description Value
customerManagedKeyEncryption List of all customer-managed key encryption properties for the resource. However only one key is supported at a time. CustomerManagedKeyEncryption[] (required)

KeyEncryptionKeyIdentity

Name Description Value
type The type of managed identity used. Only UserAssigned or SystemAssigned Identity are supported. 'SystemAssigned', 'UserAssigned' (required)
userAssignedIdentityResourceId Azure Resource fully qualified Id for the user-assigned identity associated with the resource. The resource Id takes the following format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. string

PlatformCapabilities

Name Description Value
confidentialCompute Represents the Azure Confidential Compute properties of the resource. ConfidentialCompute

ResourceSku

Name Description Value
name The Sku name of the resource. The possible values are: Basic or Premium. 'Basic', 'Premium'

TopicProperties

Name Description Value
dataResidencyBoundary Data Residency Boundary of the resource. 'WithinGeopair', 'WithinRegion'
disableLocalAuth This boolean is used to enable or disable local auth. Default value is false. When the property is set to true, only Microsoft Entra ID token will be used to authenticate if user is allowed to publish to the topic. bool
encryption Key encryption configuration properties of the topic resource. This is an optional property. When not specified, no key encryption is used. KeyEncryption
eventTypeInfo Event Type Information for the user topic. This information is provided by the publisher and can be used by the subscriber to view different types of events that are published. EventTypeInfo
inboundIpRules This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. InboundIpRule[]
inputSchema This determines the format that Event Grid should expect for incoming events published to the topic. 'CloudEventSchemaV1_0', 'CustomEventSchema', 'EventGridSchema'
inputSchemaMapping This enables publishing using custom event schemas. An InputSchemaMapping can be specified to map various properties of a source schema to various required properties of the EventGridEvent schema. InputSchemaMapping
minimumTlsVersionAllowed Minimum TLS version of the publisher allowed to publish to this topic. '1.0', '1.1', '1.2'
platformCapabilities Represents the platform capabilities of the resource, including Azure Confidential Compute related properties. PlatformCapabilities
publicNetworkAccess This determines if traffic is allowed over public network. By default it is enabled. You can further restrict to specific IPs by configuring InboundIpRules. 'Disabled', 'Enabled', 'SecuredByPerimeter'
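
The publish-path properties from the TopicProperties table, combined into one locked-down topic definition. This is an added example, not part of the original reference; the parameter names, the symbolic name hardenedTopic and the sample CIDR (a documentation range) are assumptions.

```bicep
// Added example: parameter names and the symbolic name are illustrative.
@description('Name of the Event Grid topic.')
param topicName string

@description('Azure region for the topic.')
param location string = resourceGroup().location

@description('Publisher egress ranges in CIDR notation. Leave empty to close the public endpoint.')
param allowedPublisherCidrs array = [
  '203.0.113.0/24' // constructed sample value, replace with real publisher ranges
]

resource hardenedTopic 'Microsoft.EventGrid/topics@2025-07-15-preview' = {
  name: topicName
  location: location
  properties: {
    // Turn off local auth (access keys and SAS tokens); publishers must
    // present a Microsoft Entra ID token.
    disableLocalAuth: true

    // '1.2' is the highest value this schema lists; '1.0' and '1.1' would
    // let publishers negotiate older TLS versions.
    minimumTlsVersionAllowed: '1.2'

    // inboundIpRules are considered only while publicNetworkAccess is
    // 'Enabled', so the public endpoint stays open only when there is an
    // allow-list to enforce on it.
    publicNetworkAccess: empty(allowedPublisherCidrs) ? 'Disabled' : 'Enabled'
    inboundIpRules: [for cidr in allowedPublisherCidrs: {
      action: 'Allow'
      ipMask: cidr
    }]

    inputSchema: 'CloudEventSchemaV1_0'
    dataResidencyBoundary: 'WithinRegion'
  }
}
```

With disableLocalAuth set to true, publishers that still send an access key or SAS token are rejected, so move them to Microsoft Entra ID authentication before deploying this.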

TrackedResourceTags

Name Description Value

UserIdentityProperties

Name Description Value
clientId The client id of user assigned identity. string
principalId The principal id of user assigned identity. string

Usage Examples

Terraform Samples

A basic example of deploying EventGrid Topic.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "topic" {
  type      = "Microsoft.EventGrid/topics@2021-12-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
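  body = {
    properties = {
      # false is the default: local auth stays enabled alongside Microsoft Entra ID.
      disableLocalAuth    = false
      inputSchema         = "EventGridSchema"
      inputSchemaMapping  = null
      # "Enabled" is the default: the topic accepts traffic over the public network.
      publicNetworkAccess = "Enabled"
    }
  }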
  schema_validation_enabled = false
  response_export_values    = ["*"]
}

Azure Verified Modules

The following Azure Verified Modules can be used to deploy this resource type.

Module Description
Event Grid Topic AVM Resource Module for Event Grid Topic