Azure Event Grid is a first-class and hyperscale eventing platform with intelligent filtering that has recently been released in preview and is a real game changer to build event-driven serverless apps on Azure. There have been many other posts, including this one from my colleague Dan Toomey, which highlight all the magic, features and benefits of this new offering on Azure. Thus, I don't pretend to reiterate over these on this post. My goal is, however, to try to show how to solve a particular requirement.
As mentioned here, there are three typical scenarios where Azure Event Grid comes quite handy:
In this post, I will focus on Ops Automation, and will show how to build a workflow to monitor configuration drifts on Azure resources using Azure Event Grid and Logic Apps.
Many organisations and teams have implemented Continuous Integration / Continuous Delivery (CI/CD), and they want to keep all their infrastructure and solution configuration as code, e.g. in a VSTS Git Repo. This has become a quite common practice, and the source of truth for all infrastructure and configuration as code must be in source control. The Role-Based Access Control (RBAC) on Azure allows us to restrict changes to Azure resources to certain roles or users. Furthermore, Azure provides a way to lock resources at different levels (subscription, resources group or resource) to prevent users from deleting or modifying critical resources, thus avoiding configuration drifts.
However, in some exceptional cases, Ops or Admins might need to update their configuration without having the time to go through the process of updating the repo first and then triggering the CI/CD pipeline. These configuration drifts, will make the Git repo to be out-of-sync, which results in a very high risk of subsequent releases overwriting changes in the environment with unintended side effects. Thus, there is a need to monitor the Azure resources for configuration drifts, so the source of truth can be always kept in-sync.
As you probably may have thought, the user story above is quite broad, so let's reduce its scope for demonstration purposes to:
For this scenario, we want to receive a notification whenever the app settings of an Azure App Service (Web App) are updated and are no longer aligned to the "desired state".
To show how this can be achieved with Azure Event Grid (and the Resource Groups Publisher) and Logic Apps, I will build a Logic App workflow that is triggered whenever the app settings of an Azure Web App are modified, and validate if these settings are different to a desired state.
This solution requires the following:
{
"Setting-01": "expected-value-01",
"Setting-02": "expected-value-02",
"Setting-03": "expected-value-03"
}
My solution implemented as a Logic App workflow with an Event Grid Trigger will follow the algorithm described below:
Below I described the two main steps of the workflow in more details
To configure the trigger, we need to specify:
Once we execute a Logic App with this trigger, we should get a payload similar to the one shown below
Logic Apps provide an Azure Resource Manager connector, which allows us to do CRUD operations on Azure via Azure Resource Manager. In our scenario, we are going to use the Invoke Resource Operation to List the App Settings of a Web App. This will return the current (new) state of the Azure Resource, so we can compare it to the Desired State later on the workflow. In your own scenario, you can make use of other operations, like List Resources by Resource Group, Read a Resource, or Read a Resource Group to get the state of your Azure resources. The configuration applied for our scenario is as follows.
The implemented solution as a Logic App workflow is shown below. I hope it is self-explanatory. I included comments on each action to make it easier to follow.
Quite straightforward, isn't?
And in case you are wondering about the code behind, below is the same workflow showing the code view of the relevant actions.
If you want to have a look at the ARM template, including the full code behind of this Logic App, you can check it out here.
In this post, I've shown how to monitor configuration drifts on Azure resources using Event Grid and Logic Apps. We've seen the Resource Groups Event Publisher of Event Grid in action and how it comes in very handy for Ops Automation scenarios. Now, you can start monitoring changes on your Azure resources by just creating subscriptions with the corresponding prefix and suffix filters on Logic Apps. What other useful Ops Automation scenarios can you think of using Event Grids and Logic Apps?
Please feel free to add your comments and questions below,
Happy eventing!
Cross-posted on Paco’s Blog.
Follow Paco on @pacodelacruz.