Bicep: Deployment of an event grid subscription (infrastructure) fails due to handshake validation the webhook endpoint (software)

Question

How do i handle an "Infrastructure to Software" dependency in general or at least in my specific scenario:

The scenario:

Bootstrapping an event grid topic subscription to a webhook endpoint, which has not yet beeing deployed. The target resource (app service app) is being created in the process, but the software and thus the endpoint has not been created, yet. The issue: during ARM deployment of the topic subscription a webhook handshake is being validated.

What are my options? What is considered best practice?

Do i have to split infrastructure deployments pre and post software deployments? Is it possible to register the webhook subscription during the CI/CD of the software? Or can i disable the webhook handshake validation during the ARM deployment?

Thanks in advance,

Jakob

Answer 1

@Schultheis, Jakob (Admin) Thanks for reaching out. Please confirm if my understanding is correct. You have event grid subscription and webapps as the event grid webhook URL and when deploying the resource your event grid resource failed due to the handshake validation? Is my understanding correct?

If it is the above case, then your webapps resource should first be created and your event grid resource should only create once the webapp resource is successfully created so you need to leverage the dependsOn for this dependency.

In case if I misunderstood your ask then please share your workflow between different service/more details so I can assist you.

Answer 2

Sorry, first time i use the Q&A and i used the comment function instead the answer. I found a good article on this matter, which i wanted to share: https://www.kallemarjokorpi.fi/blog/how-to-create-infrastructure-for-eventgrid-and-webhook.html Basically a "post software deployment" is necessary to deploy a web hook subscription.