APIM RBAC role assignment not working

Vikas Tiwari 766 Reputation points
2022-04-06T04:42:11.393+00:00

I wanted to assign the "event hub send role" to an APIM instance through Bicep (similar to how we assign roles using the IAM blade in the portal). I have the following role assignment in my Bicep file:

resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-06-01-preview' existing = {
  name: eventHubNamespaceName
}

resource apimInstance 'Microsoft.Web/sites@2020-06-01' existing = {
  name: apimInstanceName
}

var roleDefinitionDataSenderId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2b629674-e913-4c01-ae53-ef4638d8f975')

resource apimPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(apimInstance.id, apimInstance.name, roleDefinitionDataSenderId)
  scope: eventHubNamespaceName
  properties: {
    principalId: apimInstance.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: roleDefinitionDataSenderId
  }
}

It's not showing any error and deployed successfully from the pipeline; however, when I go to portal -> Event Hub namespace -> IAM -> Role Assignment, I am unable to see any role assigned to my APIM instance or managed identity. When I tried to test from the APIM proxy, I got the error "Unauthorized : Unauthorized access for 'Send' operation on endpoint 'sb:...."

Also, I verified the SAS signature has the Send property checked at the event hub level, and all 3 (Manage, Send, Listen) checked at the namespace level.

Am I missing anything here?


Accepted answer
  1. VenkateshDodda-MSFT 18,696 Reputation points Microsoft Employee
    2022-04-07T07:11:27.957+00:00

    @Vikas Tiwari, thanks for reaching out.

    In the Bicep template shared above, you are using 'Microsoft.Web/sites@2020-06-01' instead of 'Microsoft.Authorization/roleAssignments@2020-04-01-preview', and that is the reason you are not able to see the role assignment. I have tested the same in my environment and it is working without any issues.
    Please modify line 11 of the Bicep template to use Microsoft.Authorization/roleAssignments@2020-04-01-preview and let me know if you are facing any issues.
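
For reference, one way to write this role assignment, as an added example that is not part of the original thread or either poster's code. It differs from the template in the question in two places: the API Management instance is referenced as a Microsoft.ApiManagement/service resource, and scope is given the symbolic eventHubNamespace resource rather than its name. It assumes the instance has a system-assigned managed identity enabled and that both resources are in the resource group being deployed to; the API version used for API Management is an assumption.

```bicep
// Added example: grant an API Management instance's system-assigned managed
// identity the "Azure Event Hubs Data Sender" role on an Event Hubs namespace.
param eventHubNamespaceName string
param apimInstanceName string

resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-06-01-preview' existing = {
  name: eventHubNamespaceName
}

// API Management instances are Microsoft.ApiManagement/service resources.
// Assumption: the instance has a system-assigned identity; without one,
// identity.principalId has no value and the deployment fails.
resource apimInstance 'Microsoft.ApiManagement/service@2021-08-01' existing = {
  name: apimInstanceName
}

// Built-in role definition ID taken from the template in the question.
var roleDefinitionDataSenderId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2b629674-e913-4c01-ae53-ef4638d8f975')

resource apimPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  // Deterministic name derived from scope, principal and role, so that
  // redeploying updates the same assignment instead of creating a duplicate.
  name: guid(eventHubNamespace.id, apimInstance.id, roleDefinitionDataSenderId)
  // Extension resources take a symbolic resource reference as scope. Scoping
  // to the namespace limits the grant to this namespace only.
  scope: eventHubNamespace
  properties: {
    principalId: apimInstance.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: roleDefinitionDataSenderId
  }
}

// Emit the assignment ID so the pipeline log shows what was created and where.
output roleAssignmentId string = apimPermissions.id
```

The role only applies to requests that authenticate with an Azure AD token for the managed identity; requests signed with a SAS key are authorized by the SAS policy's own rights and are not affected by the role assignment.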

