共用方式為


作為事件方格來源的 Azure 訂用帳戶

本文提供 Azure 訂用帳戶事件的屬性和架構。 如需事件架構的簡介,請參閱 Azure 事件方格 事件架構

Azure 訂用帳戶和資源群組會發出相同的事件類型。 事件類型與資源變更或動作相關。 主要差異在於資源群組會針對資源群組內的資源發出事件,而 Azure 訂用帳戶會針對訂用帳戶中的資源發出事件。

系統會針對傳送至 management.azure.com的PUT、PATCH、POST和DELETE作業建立資源事件。 GET 作業不會建立事件。 傳送至數據平面的作業(例如 myaccount.blob.core.windows.net) 不會建立事件。 動作事件會為作業提供事件數據,例如列出資源的索引鍵。

當您訂閱 Azure 訂用帳戶的事件時,您的端點會收到該訂用帳戶的所有事件。 這些事件可以包含您想要查看的事件,例如更新虛擬機,但也包含您不重要的事件,例如在部署歷程記錄中撰寫新專案。 您可以在端點接收所有事件,並撰寫程式代碼來處理您想要處理的事件。 或者,您可以在建立事件訂用帳戶時設定篩選。

若要以程式設計方式處理事件,您可以藉由查看 operationName 值來排序事件。 例如,您的事件端點可能只會處理等於 Microsoft.Compute/virtualMachines/writeMicrosoft.Storage/storageAccounts/write的作業事件。

事件主體是作業目標之資源的資源標識符。 若要篩選資源的事件,請在建立事件訂用帳戶時提供該資源標識符。 若要依資源類型進行篩選,請使用下列格式的值: /subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.Compute/virtualMachines

可用的事件類型

Azure 訂用帳戶會從 Azure Resource Manager 發出管理事件,例如建立 VM 或刪除記憶體帳戶時。

事件類型 描述
Microsoft.Resources.ResourceActionCancel 取消資源動作時引發。
Microsoft.Resources.ResourceActionFailure 資源上的動作失敗時引發。
Microsoft.Resources.ResourceActionSuccess 當資源上的動作成功時引發。
Microsoft.Resources.ResourceDeleteCancel 取消刪除作業時引發。 取消範本部署時,就會發生此事件。
Microsoft.Resources.ResourceDeleteFailure 刪除作業失敗時引發。
Microsoft.Resources.ResourceDeleteSuccess 刪除作業成功時引發。
Microsoft.Resources.ResourceWriteCancel 取消建立或更新作業時引發。
Microsoft.Resources.ResourceWriteFailure 建立或更新作業失敗時引發。
Microsoft.Resources.ResourceWriteSuccess 建立或更新作業成功時引發。

範例事件

下列範例顯示 ResourceWriteSuccess 事件的架構。 相同的架構用於 ResourceWriteFailureResourceWriteCancel 事件,其值不同。eventType

[{
  "subject": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
  "topic": "/subscriptions/{subscription-id}",
  "type": "Microsoft.Resources.ResourceWriteSuccess",
  "time": "2018-07-19T18:38:04.6117357Z",
  "id": "4db48cba-50a2-455a-93b4-de41a3b5b7f6",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "action": "Microsoft.Storage/storageAccounts/write",
      "evidence": {
        "role": "Subscription Admin"
      }
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "_claim_names": "{\"groups\":\"src1\"}",
      "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
      "http://schemas.microsoft.com/claims/authnclassreference": "1",
      "aio": "{token}",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
      "e_exp": "{expiration}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
      "ipaddr": "{IP-address}",
      "name": "{full-name}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "onprem_sid": "{ID}",
      "puid": "{ID}",
      "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "resourceProvider": "Microsoft.Storage",
    "resourceUri": "/subscriptions/{subscription-id}/resourcegroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
    "operationName": "Microsoft.Storage/storageAccounts/write",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "specversion": "`1.0"

}]

下列範例顯示 ResourceDeleteSuccess 事件的架構。 針對 具有相同值的 ResourceDeleteFailure 和 ResourceDeleteCancel 事件,使用相同的架構。eventType

[{
  "subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
  "source": "/subscriptions/{subscription-id}",
  "type": "Microsoft.Resources.ResourceDeleteSuccess",
  "time": "2018-07-19T19:24:12.763881Z",
  "id": "19a69642-1aad-4a96-a5ab-8d05494513ce",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
      "action": "Microsoft.Storage/storageAccounts/delete",
      "evidence": {
        "role": "Subscription Admin"
      }
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "_claim_names": "{\"groups\":\"src1\"}",
      "_claim_sources": "{\"src1\":{\"endpoint\":\"{URI}\"}}",
      "http://schemas.microsoft.com/claims/authnclassreference": "1",
      "aio": "{token}",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "rsa,mfa",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier": "{ID}",
      "e_exp": "262800",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "{last-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "{first-name}",
      "ipaddr": "{IP-address}",
      "name": "{full-name}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "onprem_sid": "{ID}",
      "puid": "{ID}",
      "http://schemas.microsoft.com/identity/claims/scope": "user_impersonation",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",
      "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "{user-name}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn": "{user-name}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "httpRequest": {
      "clientRequestId": "{ID}",
      "clientIpAddress": "{IP-address}",
      "method": "DELETE",
      "url": "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}?api-version=2018-02-01"
    },
    "resourceProvider": "Microsoft.Storage",
    "resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Storage/storageAccounts/{storage-name}",
    "operationName": "Microsoft.Storage/storageAccounts/delete",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "specversion": "1.0"
}]

下列範例顯示 ResourceActionSuccess 事件的架構。 針對 具有不同值的 ResourceActionFailure 和 ResourceActionCancel 事件,使用相同的架構。eventType

[{   
  "subject": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
  "source": "/subscriptions/{subscription-id}",
  "type": "Microsoft.Resources.ResourceActionSuccess",
  "time": "2018-10-08T22:46:22.6022559Z",
  "id": "{ID}",
  "data": {
    "authorization": {
      "scope": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
      "action": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
      "evidence": {
        "role": "Contributor",
        "roleAssignmentScope": "/subscriptions/{subscription-id}",
        "roleAssignmentId": "{ID}",
        "roleDefinitionId": "{ID}",
        "principalId": "{ID}",
        "principalType": "ServicePrincipal"
      }     
    },
    "claims": {
      "aud": "{audience-claim}",
      "iss": "{issuer-claim}",
      "iat": "{issued-at-claim}",
      "nbf": "{not-before-claim}",
      "exp": "{expiration-claim}",
      "aio": "{token}",
      "appid": "{ID}",
      "appidacr": "2",
      "http://schemas.microsoft.com/identity/claims/identityprovider": "{URL}",
      "http://schemas.microsoft.com/identity/claims/objectidentifier": "{ID}",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "{ID}",       "http://schemas.microsoft.com/identity/claims/tenantid": "{ID}",
      "uti": "{ID}",
      "ver": "1.0"
    },
    "correlationId": "{ID}",
    "httpRequest": {
      "clientRequestId": "{ID}",
      "clientIpAddress": "{IP-address}",
      "method": "POST",
      "url": "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey/listKeys?api-version=2017-04-01"
    },
    "resourceProvider": "Microsoft.EventHub",
    "resourceUri": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.EventHub/namespaces/{namespace}/AuthorizationRules/RootManageSharedAccessKey",
    "operationName": "Microsoft.EventHub/namespaces/AuthorizationRules/listKeys/action",
    "status": "Succeeded",
    "subscriptionId": "{subscription-id}",
    "tenantId": "{tenant-id}"
  },
  "specversion": "1.0"
}]

事件屬性

事件具有下列最上層數據:

屬性 類型​ 描述
source string 事件來源的完整資源路徑。 此欄位無法寫入。 事件方格提供此值。
subject string 發行者定義事件主旨的路徑。
type string 此事件來源已註冊的事件類型之一。
time string 事件產生的時間,以提供者的 UTC 時間為準。
id string 事件的唯一識別碼。
data object 訂用帳戶事件數據。
specversion string CloudEvents 架構規格版本。

資料物件具有下列屬性:

屬性 類型​ 描述
authorization object 作業要求的授權。
claims object 宣告的屬性。 如需詳細資訊,請參閱 JWT 規格
correlationId string 用於疑難解答的作業標識碼。
httpRequest object 作業的詳細數據。 只有在更新現有資源或刪除資源時,才會包含此物件。
resourceProvider string 作業的資源提供者。
resourceUri string 作業中資源的 URI。
operationName string 已採取的作業。
status string 作業的狀態。
subscriptionId string 資源的訂用帳戶標識碼。
tenantId string 資源的租用戶標識碼。

教學課程和操作說明

標題 描述
教學課程:使用事件方格和 Microsoft Teams Azure 自動化 建立虛擬機,以傳送事件。 事件會觸發標記虛擬機的自動化 Runbook,並觸發傳送至 Microsoft Teams 通道的訊息。
如何:透過入口網站訂閱事件 使用入口網站訂閱 Azure 訂用帳戶的事件。
Azure CLI:訂閱 Azure 訂用帳戶的事件 範例腳本會建立 Azure 訂用帳戶的事件方格訂用帳戶,並將事件傳送至 WebHook。
PowerShell:訂閱 Azure 訂用帳戶的事件 範例腳本會建立 Azure 訂用帳戶的事件方格訂用帳戶,並將事件傳送至 WebHook。

下一步