Microsoft.EventGrid namespaces
Bicep resource definition
The namespaces resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.EventGrid/namespaces resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.EventGrid/namespaces@2024-12-15-preview' = {
identity: {
principalId: 'string'
tenantId: 'string'
type: 'string'
userAssignedIdentities: {
{customized property}: {
clientId: 'string'
principalId: 'string'
}
}
}
location: 'string'
name: 'string'
properties: {
inboundIpRules: [
{
action: 'string'
ipMask: 'string'
}
]
isZoneRedundant: bool
minimumTlsVersionAllowed: 'string'
privateEndpointConnections: [
{
properties: {
groupIds: [
'string'
]
privateEndpoint: {
id: 'string'
}
privateLinkServiceConnectionState: {
actionsRequired: 'string'
description: 'string'
status: 'string'
}
provisioningState: 'string'
}
}
]
publicNetworkAccess: 'string'
topicsConfiguration: {
customDomains: [
{
certificateUrl: 'string'
expectedTxtRecordName: 'string'
expectedTxtRecordValue: 'string'
fullyQualifiedDomainName: 'string'
identity: {
type: 'string'
userAssignedIdentity: 'string'
}
validationState: 'string'
}
]
}
topicSpacesConfiguration: {
clientAuthentication: {
alternativeAuthenticationNameSources: [
'string'
]
customJwtAuthentication: {
encodedIssuerCertificates: [
{
encodedCertificate: 'string'
kid: 'string'
}
]
issuerCertificates: [
{
certificateUrl: 'string'
identity: {
type: 'string'
userAssignedIdentity: 'string'
}
}
]
tokenIssuer: 'string'
}
}
customDomains: [
{
certificateUrl: 'string'
expectedTxtRecordName: 'string'
expectedTxtRecordValue: 'string'
fullyQualifiedDomainName: 'string'
identity: {
type: 'string'
userAssignedIdentity: 'string'
}
validationState: 'string'
}
]
maximumClientSessionsPerAuthenticationName: int
maximumSessionExpiryInHours: int
routeTopicResourceId: 'string'
routingEnrichments: {
dynamic: [
{
key: 'string'
value: 'string'
}
]
static: [
{
key: 'string'
valueType: 'string'
// For remaining properties, see StaticRoutingEnrichment objects
}
]
}
routingIdentityInfo: {
type: 'string'
userAssignedIdentity: 'string'
}
state: 'string'
}
}
sku: {
capacity: int
name: 'string'
}
tags: {
{customized property}: 'string'
}
}
StaticRoutingEnrichment objects
Set the valueType property to specify the type of object.
For String, use:
{
value: 'string'
valueType: 'String'
}
Property Values
ClientAuthenticationSettings
| Name | Description | Value |
|---|---|---|
| alternativeAuthenticationNameSources | Alternative authentication name sources related to client authentication settings for namespace resource. | String array containing any of: 'ClientCertificateDns' 'ClientCertificateEmail' 'ClientCertificateIp' 'ClientCertificateSubject' 'ClientCertificateUri' |
| customJwtAuthentication | Custom JWT authentication settings for namespace resource. | CustomJwtAuthenticationSettings |
ConnectionState
| Name | Description | Value |
|---|---|---|
| actionsRequired | Actions required (if any). | string |
| description | Description of the connection state. | string |
| status | Status of the connection. | 'Approved' 'Disconnected' 'Pending' 'Rejected' |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificateUrl | The URL for the certificate that is used for publishing to the custom domain. We currently support certificates stored in Azure Key Vault only. While certificate URL can be either versioned URL of the following format https://{key-vault-name}.vault.azure.net/certificates/{certificate-name}/{version-id}, or unversioned URL of the following format (e.g., https://contosovault.vault.azure.net/certificates/contosocert, we support unversioned certificate URL only (e.g., https://contosovault.vault.azure.net/certificates/contosocert) |
string |
| expectedTxtRecordName | Expected DNS TXT record name. Event Grid will check for a TXT record with this name in the DNS record set of the custom domain name to prove ownership over the domain. The values under this TXT record must contain the expected TXT record value. |
string |
| expectedTxtRecordValue | Expected DNS TXT record value. Event Grid will check for a TXT record with this value in the DNS record set of the custom domain name to prove ownership over the domain. | string |
| fullyQualifiedDomainName | Fully Qualified Domain Name (FQDN) for the custom domain. | string (required) |
| identity | Identity info for accessing the certificate for the custom domain. This identity info must match an identity that has been set on the namespace. | CustomDomainIdentity |
| validationState | Validation state for the custom domain. This is a read only property and is initially set to 'Pending' and will be updated to 'Approved' by Event Grid only after ownership of the domain name has been successfully validated. | 'Approved' 'ErrorRetrievingDnsRecord' 'Pending' |
CustomDomainIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of managed identity used. Can be either 'SystemAssigned' or 'UserAssigned'. | 'SystemAssigned' 'UserAssigned' |
| userAssignedIdentity | The user identity associated with the resource. | string |
CustomJwtAuthenticationManagedIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of managed identity used. Can be either 'SystemAssigned' or 'UserAssigned'. | 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentity | The user identity associated with the resource. | string |
CustomJwtAuthenticationSettings
| Name | Description | Value |
|---|---|---|
| encodedIssuerCertificates | Information about the encoded public certificates that are used for custom authentication. | EncodedIssuerCertificateInfo[] |
| issuerCertificates | Information about the certificates that are used for token validation. We currently support maximum 2 certificates. | IssuerCertificateInfo[] |
| tokenIssuer | Expected JWT token issuer. | string |
DynamicRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| key | Dynamic routing enrichment key. | string |
| value | Dynamic routing enrichment value. | string |
EncodedIssuerCertificateInfo
| Name | Description | Value |
|---|---|---|
| encodedCertificate | Certificate in pem format. | string (required) |
| kid | Identifier for the certificate. | string (required) |
IdentityInfo
| Name | Description | Value |
|---|---|---|
| principalId | The principal ID of resource identity. | string |
| tenantId | The tenant ID of resource. | string |
| type | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. This property is currently not used and reserved for future usage. |
IdentityInfoUserAssignedIdentities |
IdentityInfoUserAssignedIdentities
| Name | Description | Value |
|---|
InboundIpRule
| Name | Description | Value |
|---|---|---|
| action | Action to perform based on the match or no match of the IpMask. | 'Allow' |
| ipMask | IP Address in CIDR notation e.g., 10.0.0.0/8. | string |
IssuerCertificateInfo
| Name | Description | Value |
|---|---|---|
| certificateUrl | Keyvault certificate URL in https://keyvaultname.vault.azure.net/certificates/certificateName/certificateVersion format. | string (required) |
| identity | The identity that will be used to access the certificate. | CustomJwtAuthenticationManagedIdentity |
Microsoft.EventGrid/namespaces
| Name | Description | Value |
|---|---|---|
| identity | Identity information for the Namespace resource. | IdentityInfo |
| location | Location of the resource. | string (required) |
| name | The resource name | string Constraints: Min length = 3 Max length = 50 Pattern = ^[a-zA-Z0-9-]*$ (required) |
| properties | Properties of the Namespace resource. | NamespaceProperties |
| sku | Represents available Sku pricing tiers. | NamespaceSku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NamespaceProperties
| Name | Description | Value |
|---|---|---|
| inboundIpRules | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | InboundIpRule[] |
| isZoneRedundant | This is an optional property and it allows the user to specify if the namespace resource supports zone-redundancy capability or not. If this property is not specified explicitly by the user, its default value depends on the following conditions: a. For Availability Zones enabled regions - The default property value would be true. b. For non-Availability Zones enabled regions - The default property value would be false. Once specified, this property cannot be updated. |
bool |
| minimumTlsVersionAllowed | Minimum TLS version of the publisher allowed to publish to this namespace. Only TLS version 1.2 is supported. | '1.0' '1.1' '1.2' |
| privateEndpointConnections | List of private endpoint connections. | PrivateEndpointConnection[] |
| publicNetworkAccess | This determines if traffic is allowed over public network. By default it is enabled. You can further restrict to specific IPs by configuring <seealso cref="P:Microsoft.Azure.Events.ResourceProvider.Common.Contracts.PubSub.NamespaceProperties.InboundIpRules" /> |
'Disabled' 'Enabled' 'SecuredByPerimeter' |
| topicsConfiguration | Topics configuration information for the namespace resource | TopicsConfiguration |
| topicSpacesConfiguration | Topic spaces configuration information for the namespace resource | TopicSpacesConfiguration |
NamespaceSku
| Name | Description | Value |
|---|---|---|
| capacity | Specifies the number of Throughput Units that defines the capacity for the namespace. The property default value is 1 which signifies 1 Throughput Unit = 1MB/s ingress and 2MB/s egress per namespace. Min capacity is 1 and max allowed capacity is 20. |
int |
| name | The name of the SKU. | 'Standard' |
PrivateEndpoint
| Name | Description | Value |
|---|---|---|
| id | The ARM identifier for Private Endpoint. | string |
PrivateEndpointConnection
| Name | Description | Value |
|---|---|---|
| properties | Properties of the PrivateEndpointConnection. | PrivateEndpointConnectionProperties |
PrivateEndpointConnectionProperties
| Name | Description | Value |
|---|---|---|
| groupIds | GroupIds from the private link service resource. | string[] |
| privateEndpoint | The Private Endpoint resource for this Connection. | PrivateEndpoint |
| privateLinkServiceConnectionState | Details about the state of the connection. | ConnectionState |
| provisioningState | Provisioning state of the Private Endpoint Connection. | 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating' |
RoutingEnrichments
| Name | Description | Value |
|---|---|---|
| dynamic | DynamicRoutingEnrichment[] | |
| static | StaticRoutingEnrichment[] |
RoutingIdentityInfo
| Name | Description | Value |
|---|---|---|
| type | Routing identity type for topic spaces configuration. | 'None' 'SystemAssigned' 'UserAssigned' |
| userAssignedIdentity | string |
StaticRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| key | Static routing enrichment key. | string |
| valueType | Set to 'String' for type StaticStringRoutingEnrichment. | 'String' (required) |
StaticStringRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| value | String type routing enrichment value. | string |
| valueType | Static routing enrichment value type. For e.g. this property value can be 'String'. | 'String' (required) |
TopicsConfiguration
| Name | Description | Value |
|---|---|---|
| customDomains | List of custom domain configurations for the namespace. | CustomDomainConfiguration[] |
TopicSpacesConfiguration
| Name | Description | Value |
|---|---|---|
| clientAuthentication | Client authentication settings for topic spaces configuration. | ClientAuthenticationSettings |
| customDomains | List of custom domain configurations for the namespace. | CustomDomainConfiguration[] |
| maximumClientSessionsPerAuthenticationName | The maximum number of sessions per authentication name. The property default value is 1. Min allowed value is 1 and max allowed value is 100. |
int |
| maximumSessionExpiryInHours | The maximum session expiry in hours. The property default value is 1 hour. Min allowed value is 1 hour and max allowed value is 8 hours. |
int |
| routeTopicResourceId | Fully qualified Azure Resource Id for the Event Grid Topic to which events will be routed to from TopicSpaces under a namespace. This property should be in the following format '/subscriptions/{subId}/resourcegroups/{resourceGroupName}/providers/microsoft.EventGrid/topics/{topicName}'. This topic should reside in the same region where namespace is located. |
string |
| routingEnrichments | Routing enrichments for topic spaces configuration | RoutingEnrichments |
| routingIdentityInfo | Routing identity info for topic spaces configuration. | RoutingIdentityInfo |
| state | Indicate if Topic Spaces Configuration is enabled for the namespace. Default is Disabled. | 'Disabled' 'Enabled' |
TrackedResourceTags
| Name | Description | Value |
|---|
UserIdentityProperties
| Name | Description | Value |
|---|---|---|
| clientId | The client id of user assigned identity. | string |
| principalId | The principal id of user assigned identity. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Event Grid Namespace | AVM Resource Module for Event Grid Namespace |
ARM template resource definition
The namespaces resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.EventGrid/namespaces resource, add the following JSON to your template.
{
"type": "Microsoft.EventGrid/namespaces",
"apiVersion": "2024-12-15-preview",
"name": "string",
"identity": {
"principalId": "string",
"tenantId": "string",
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
"clientId": "string",
"principalId": "string"
}
}
},
"location": "string",
"properties": {
"inboundIpRules": [
{
"action": "string",
"ipMask": "string"
}
],
"isZoneRedundant": "bool",
"minimumTlsVersionAllowed": "string",
"privateEndpointConnections": [
{
"properties": {
"groupIds": [ "string" ],
"privateEndpoint": {
"id": "string"
},
"privateLinkServiceConnectionState": {
"actionsRequired": "string",
"description": "string",
"status": "string"
},
"provisioningState": "string"
}
}
],
"publicNetworkAccess": "string",
"topicsConfiguration": {
"customDomains": [
{
"certificateUrl": "string",
"expectedTxtRecordName": "string",
"expectedTxtRecordValue": "string",
"fullyQualifiedDomainName": "string",
"identity": {
"type": "string",
"userAssignedIdentity": "string"
},
"validationState": "string"
}
]
},
"topicSpacesConfiguration": {
"clientAuthentication": {
"alternativeAuthenticationNameSources": [ "string" ],
"customJwtAuthentication": {
"encodedIssuerCertificates": [
{
"encodedCertificate": "string",
"kid": "string"
}
],
"issuerCertificates": [
{
"certificateUrl": "string",
"identity": {
"type": "string",
"userAssignedIdentity": "string"
}
}
],
"tokenIssuer": "string"
}
},
"customDomains": [
{
"certificateUrl": "string",
"expectedTxtRecordName": "string",
"expectedTxtRecordValue": "string",
"fullyQualifiedDomainName": "string",
"identity": {
"type": "string",
"userAssignedIdentity": "string"
},
"validationState": "string"
}
],
"maximumClientSessionsPerAuthenticationName": "int",
"maximumSessionExpiryInHours": "int",
"routeTopicResourceId": "string",
"routingEnrichments": {
"dynamic": [
{
"key": "string",
"value": "string"
}
],
"static": [ {
"key": "string",
"valueType": "string"
// For remaining properties, see StaticRoutingEnrichment objects
} ]
},
"routingIdentityInfo": {
"type": "string",
"userAssignedIdentity": "string"
},
"state": "string"
}
},
"sku": {
"capacity": "int",
"name": "string"
},
"tags": {
"{customized property}": "string"
}
}
StaticRoutingEnrichment objects
Set the valueType property to specify the type of object.
For String, use:
{
"value": "string",
"valueType": "String"
}
Property Values
ClientAuthenticationSettings
| Name | Description | Value |
|---|---|---|
| alternativeAuthenticationNameSources | Alternative authentication name sources related to client authentication settings for namespace resource. | String array containing any of: 'ClientCertificateDns' 'ClientCertificateEmail' 'ClientCertificateIp' 'ClientCertificateSubject' 'ClientCertificateUri' |
| customJwtAuthentication | Custom JWT authentication settings for namespace resource. | CustomJwtAuthenticationSettings |
ConnectionState
| Name | Description | Value |
|---|---|---|
| actionsRequired | Actions required (if any). | string |
| description | Description of the connection state. | string |
| status | Status of the connection. | 'Approved' 'Disconnected' 'Pending' 'Rejected' |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificateUrl | The URL for the certificate that is used for publishing to the custom domain. We currently support certificates stored in Azure Key Vault only. While certificate URL can be either versioned URL of the following format https://{key-vault-name}.vault.azure.net/certificates/{certificate-name}/{version-id}, or unversioned URL of the following format (e.g., https://contosovault.vault.azure.net/certificates/contosocert, we support unversioned certificate URL only (e.g., https://contosovault.vault.azure.net/certificates/contosocert) |
string |
| expectedTxtRecordName | Expected DNS TXT record name. Event Grid will check for a TXT record with this name in the DNS record set of the custom domain name to prove ownership over the domain. The values under this TXT record must contain the expected TXT record value. |
string |
| expectedTxtRecordValue | Expected DNS TXT record value. Event Grid will check for a TXT record with this value in the DNS record set of the custom domain name to prove ownership over the domain. | string |
| fullyQualifiedDomainName | Fully Qualified Domain Name (FQDN) for the custom domain. | string (required) |
| identity | Identity info for accessing the certificate for the custom domain. This identity info must match an identity that has been set on the namespace. | CustomDomainIdentity |
| validationState | Validation state for the custom domain. This is a read only property and is initially set to 'Pending' and will be updated to 'Approved' by Event Grid only after ownership of the domain name has been successfully validated. | 'Approved' 'ErrorRetrievingDnsRecord' 'Pending' |
CustomDomainIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of managed identity used. Can be either 'SystemAssigned' or 'UserAssigned'. | 'SystemAssigned' 'UserAssigned' |
| userAssignedIdentity | The user identity associated with the resource. | string |
CustomJwtAuthenticationManagedIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of managed identity used. Can be either 'SystemAssigned' or 'UserAssigned'. | 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentity | The user identity associated with the resource. | string |
CustomJwtAuthenticationSettings
| Name | Description | Value |
|---|---|---|
| encodedIssuerCertificates | Information about the encoded public certificates that are used for custom authentication. | EncodedIssuerCertificateInfo[] |
| issuerCertificates | Information about the certificates that are used for token validation. We currently support maximum 2 certificates. | IssuerCertificateInfo[] |
| tokenIssuer | Expected JWT token issuer. | string |
DynamicRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| key | Dynamic routing enrichment key. | string |
| value | Dynamic routing enrichment value. | string |
EncodedIssuerCertificateInfo
| Name | Description | Value |
|---|---|---|
| encodedCertificate | Certificate in pem format. | string (required) |
| kid | Identifier for the certificate. | string (required) |
IdentityInfo
| Name | Description | Value |
|---|---|---|
| principalId | The principal ID of resource identity. | string |
| tenantId | The tenant ID of resource. | string |
| type | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. This property is currently not used and reserved for future usage. |
IdentityInfoUserAssignedIdentities |
IdentityInfoUserAssignedIdentities
| Name | Description | Value |
|---|
InboundIpRule
| Name | Description | Value |
|---|---|---|
| action | Action to perform based on the match or no match of the IpMask. | 'Allow' |
| ipMask | IP Address in CIDR notation e.g., 10.0.0.0/8. | string |
IssuerCertificateInfo
| Name | Description | Value |
|---|---|---|
| certificateUrl | Keyvault certificate URL in https://keyvaultname.vault.azure.net/certificates/certificateName/certificateVersion format. | string (required) |
| identity | The identity that will be used to access the certificate. | CustomJwtAuthenticationManagedIdentity |
Microsoft.EventGrid/namespaces
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2024-12-15-preview' |
| identity | Identity information for the Namespace resource. | IdentityInfo |
| location | Location of the resource. | string (required) |
| name | The resource name | string Constraints: Min length = 3 Max length = 50 Pattern = ^[a-zA-Z0-9-]*$ (required) |
| properties | Properties of the Namespace resource. | NamespaceProperties |
| sku | Represents available Sku pricing tiers. | NamespaceSku |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.EventGrid/namespaces' |
NamespaceProperties
| Name | Description | Value |
|---|---|---|
| inboundIpRules | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | InboundIpRule[] |
| isZoneRedundant | This is an optional property and it allows the user to specify if the namespace resource supports zone-redundancy capability or not. If this property is not specified explicitly by the user, its default value depends on the following conditions: a. For Availability Zones enabled regions - The default property value would be true. b. For non-Availability Zones enabled regions - The default property value would be false. Once specified, this property cannot be updated. |
bool |
| minimumTlsVersionAllowed | Minimum TLS version of the publisher allowed to publish to this namespace. Only TLS version 1.2 is supported. | '1.0' '1.1' '1.2' |
| privateEndpointConnections | List of private endpoint connections. | PrivateEndpointConnection[] |
| publicNetworkAccess | This determines if traffic is allowed over public network. By default it is enabled. You can further restrict to specific IPs by configuring <seealso cref="P:Microsoft.Azure.Events.ResourceProvider.Common.Contracts.PubSub.NamespaceProperties.InboundIpRules" /> |
'Disabled' 'Enabled' 'SecuredByPerimeter' |
| topicsConfiguration | Topics configuration information for the namespace resource | TopicsConfiguration |
| topicSpacesConfiguration | Topic spaces configuration information for the namespace resource | TopicSpacesConfiguration |
NamespaceSku
| Name | Description | Value |
|---|---|---|
| capacity | Specifies the number of Throughput Units that defines the capacity for the namespace. The property default value is 1 which signifies 1 Throughput Unit = 1MB/s ingress and 2MB/s egress per namespace. Min capacity is 1 and max allowed capacity is 20. |
int |
| name | The name of the SKU. | 'Standard' |
PrivateEndpoint
| Name | Description | Value |
|---|---|---|
| id | The ARM identifier for Private Endpoint. | string |
PrivateEndpointConnection
| Name | Description | Value |
|---|---|---|
| properties | Properties of the PrivateEndpointConnection. | PrivateEndpointConnectionProperties |
PrivateEndpointConnectionProperties
| Name | Description | Value |
|---|---|---|
| groupIds | GroupIds from the private link service resource. | string[] |
| privateEndpoint | The Private Endpoint resource for this Connection. | PrivateEndpoint |
| privateLinkServiceConnectionState | Details about the state of the connection. | ConnectionState |
| provisioningState | Provisioning state of the Private Endpoint Connection. | 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating' |
RoutingEnrichments
| Name | Description | Value |
|---|---|---|
| dynamic | DynamicRoutingEnrichment[] | |
| static | StaticRoutingEnrichment[] |
RoutingIdentityInfo
| Name | Description | Value |
|---|---|---|
| type | Routing identity type for topic spaces configuration. | 'None' 'SystemAssigned' 'UserAssigned' |
| userAssignedIdentity | string |
StaticRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| key | Static routing enrichment key. | string |
| valueType | Set to 'String' for type StaticStringRoutingEnrichment. | 'String' (required) |
StaticStringRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| value | String type routing enrichment value. | string |
| valueType | Static routing enrichment value type. For e.g. this property value can be 'String'. | 'String' (required) |
TopicsConfiguration
| Name | Description | Value |
|---|---|---|
| customDomains | List of custom domain configurations for the namespace. | CustomDomainConfiguration[] |
TopicSpacesConfiguration
| Name | Description | Value |
|---|---|---|
| clientAuthentication | Client authentication settings for topic spaces configuration. | ClientAuthenticationSettings |
| customDomains | List of custom domain configurations for the namespace. | CustomDomainConfiguration[] |
| maximumClientSessionsPerAuthenticationName | The maximum number of sessions per authentication name. The property default value is 1. Min allowed value is 1 and max allowed value is 100. |
int |
| maximumSessionExpiryInHours | The maximum session expiry in hours. The property default value is 1 hour. Min allowed value is 1 hour and max allowed value is 8 hours. |
int |
| routeTopicResourceId | Fully qualified Azure Resource Id for the Event Grid Topic to which events will be routed to from TopicSpaces under a namespace. This property should be in the following format '/subscriptions/{subId}/resourcegroups/{resourceGroupName}/providers/microsoft.EventGrid/topics/{topicName}'. This topic should reside in the same region where namespace is located. |
string |
| routingEnrichments | Routing enrichments for topic spaces configuration | RoutingEnrichments |
| routingIdentityInfo | Routing identity info for topic spaces configuration. | RoutingIdentityInfo |
| state | Indicate if Topic Spaces Configuration is enabled for the namespace. Default is Disabled. | 'Disabled' 'Enabled' |
TrackedResourceTags
| Name | Description | Value |
|---|
UserIdentityProperties
| Name | Description | Value |
|---|---|---|
| clientId | The client id of user assigned identity. | string |
| principalId | The principal id of user assigned identity. | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The namespaces resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.EventGrid/namespaces resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.EventGrid/namespaces@2024-12-15-preview"
name = "string"
identity = {
principalId = "string"
tenantId = "string"
type = "string"
userAssignedIdentities = {
{customized property} = {
clientId = "string"
principalId = "string"
}
}
}
location = "string"
sku = {
capacity = int
name = "string"
}
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
inboundIpRules = [
{
action = "string"
ipMask = "string"
}
]
isZoneRedundant = bool
minimumTlsVersionAllowed = "string"
privateEndpointConnections = [
{
properties = {
groupIds = [
"string"
]
privateEndpoint = {
id = "string"
}
privateLinkServiceConnectionState = {
actionsRequired = "string"
description = "string"
status = "string"
}
provisioningState = "string"
}
}
]
publicNetworkAccess = "string"
topicsConfiguration = {
customDomains = [
{
certificateUrl = "string"
expectedTxtRecordName = "string"
expectedTxtRecordValue = "string"
fullyQualifiedDomainName = "string"
identity = {
type = "string"
userAssignedIdentity = "string"
}
validationState = "string"
}
]
}
topicSpacesConfiguration = {
clientAuthentication = {
alternativeAuthenticationNameSources = [
"string"
]
customJwtAuthentication = {
encodedIssuerCertificates = [
{
encodedCertificate = "string"
kid = "string"
}
]
issuerCertificates = [
{
certificateUrl = "string"
identity = {
type = "string"
userAssignedIdentity = "string"
}
}
]
tokenIssuer = "string"
}
}
customDomains = [
{
certificateUrl = "string"
expectedTxtRecordName = "string"
expectedTxtRecordValue = "string"
fullyQualifiedDomainName = "string"
identity = {
type = "string"
userAssignedIdentity = "string"
}
validationState = "string"
}
]
maximumClientSessionsPerAuthenticationName = int
maximumSessionExpiryInHours = int
routeTopicResourceId = "string"
routingEnrichments = {
dynamic = [
{
key = "string"
value = "string"
}
]
static = [
{
key = "string"
valueType = "string"
// For remaining properties, see StaticRoutingEnrichment objects
}
]
}
routingIdentityInfo = {
type = "string"
userAssignedIdentity = "string"
}
state = "string"
}
}
})
}
StaticRoutingEnrichment objects
Set the valueType property to specify the type of object.
For String, use:
{
value = "string"
valueType = "String"
}
Property Values
ClientAuthenticationSettings
| Name | Description | Value |
|---|---|---|
| alternativeAuthenticationNameSources | Alternative authentication name sources related to client authentication settings for namespace resource. | String array containing any of: 'ClientCertificateDns' 'ClientCertificateEmail' 'ClientCertificateIp' 'ClientCertificateSubject' 'ClientCertificateUri' |
| customJwtAuthentication | Custom JWT authentication settings for namespace resource. | CustomJwtAuthenticationSettings |
ConnectionState
| Name | Description | Value |
|---|---|---|
| actionsRequired | Actions required (if any). | string |
| description | Description of the connection state. | string |
| status | Status of the connection. | 'Approved' 'Disconnected' 'Pending' 'Rejected' |
CustomDomainConfiguration
| Name | Description | Value |
|---|---|---|
| certificateUrl | The URL for the certificate that is used for publishing to the custom domain. We currently support certificates stored in Azure Key Vault only. While certificate URL can be either versioned URL of the following format https://{key-vault-name}.vault.azure.net/certificates/{certificate-name}/{version-id}, or unversioned URL of the following format (e.g., https://contosovault.vault.azure.net/certificates/contosocert, we support unversioned certificate URL only (e.g., https://contosovault.vault.azure.net/certificates/contosocert) |
string |
| expectedTxtRecordName | Expected DNS TXT record name. Event Grid will check for a TXT record with this name in the DNS record set of the custom domain name to prove ownership over the domain. The values under this TXT record must contain the expected TXT record value. |
string |
| expectedTxtRecordValue | Expected DNS TXT record value. Event Grid will check for a TXT record with this value in the DNS record set of the custom domain name to prove ownership over the domain. | string |
| fullyQualifiedDomainName | Fully Qualified Domain Name (FQDN) for the custom domain. | string (required) |
| identity | Identity info for accessing the certificate for the custom domain. This identity info must match an identity that has been set on the namespace. | CustomDomainIdentity |
| validationState | Validation state for the custom domain. This is a read only property and is initially set to 'Pending' and will be updated to 'Approved' by Event Grid only after ownership of the domain name has been successfully validated. | 'Approved' 'ErrorRetrievingDnsRecord' 'Pending' |
CustomDomainIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of managed identity used. Can be either 'SystemAssigned' or 'UserAssigned'. | 'SystemAssigned' 'UserAssigned' |
| userAssignedIdentity | The user identity associated with the resource. | string |
CustomJwtAuthenticationManagedIdentity
| Name | Description | Value |
|---|---|---|
| type | The type of managed identity used. Can be either 'SystemAssigned' or 'UserAssigned'. | 'SystemAssigned' 'UserAssigned' (required) |
| userAssignedIdentity | The user identity associated with the resource. | string |
CustomJwtAuthenticationSettings
| Name | Description | Value |
|---|---|---|
| encodedIssuerCertificates | Information about the encoded public certificates that are used for custom authentication. | EncodedIssuerCertificateInfo[] |
| issuerCertificates | Information about the certificates that are used for token validation. We currently support maximum 2 certificates. | IssuerCertificateInfo[] |
| tokenIssuer | Expected JWT token issuer. | string |
DynamicRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| key | Dynamic routing enrichment key. | string |
| value | Dynamic routing enrichment value. | string |
EncodedIssuerCertificateInfo
| Name | Description | Value |
|---|---|---|
| encodedCertificate | Certificate in pem format. | string (required) |
| kid | Identifier for the certificate. | string (required) |
IdentityInfo
| Name | Description | Value |
|---|---|---|
| principalId | The principal ID of resource identity. | string |
| tenantId | The tenant ID of resource. | string |
| type | The type of managed identity used. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' will remove any identity. | 'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned' |
| userAssignedIdentities | The list of user identities associated with the resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. This property is currently not used and reserved for future usage. |
IdentityInfoUserAssignedIdentities |
IdentityInfoUserAssignedIdentities
| Name | Description | Value |
|---|
InboundIpRule
| Name | Description | Value |
|---|---|---|
| action | Action to perform based on the match or no match of the IpMask. | 'Allow' |
| ipMask | IP Address in CIDR notation e.g., 10.0.0.0/8. | string |
IssuerCertificateInfo
| Name | Description | Value |
|---|---|---|
| certificateUrl | Keyvault certificate URL in https://keyvaultname.vault.azure.net/certificates/certificateName/certificateVersion format. | string (required) |
| identity | The identity that will be used to access the certificate. | CustomJwtAuthenticationManagedIdentity |
Microsoft.EventGrid/namespaces
| Name | Description | Value |
|---|---|---|
| identity | Identity information for the Namespace resource. | IdentityInfo |
| location | Location of the resource. | string (required) |
| name | The resource name | string Constraints: Min length = 3 Max length = 50 Pattern = ^[a-zA-Z0-9-]*$ (required) |
| properties | Properties of the Namespace resource. | NamespaceProperties |
| sku | Represents available Sku pricing tiers. | NamespaceSku |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.EventGrid/namespaces@2024-12-15-preview" |
NamespaceProperties
| Name | Description | Value |
|---|---|---|
| inboundIpRules | This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. | InboundIpRule[] |
| isZoneRedundant | This is an optional property and it allows the user to specify if the namespace resource supports zone-redundancy capability or not. If this property is not specified explicitly by the user, its default value depends on the following conditions: a. For Availability Zones enabled regions - The default property value would be true. b. For non-Availability Zones enabled regions - The default property value would be false. Once specified, this property cannot be updated. |
bool |
| minimumTlsVersionAllowed | Minimum TLS version of the publisher allowed to publish to this namespace. Only TLS version 1.2 is supported. | '1.0' '1.1' '1.2' |
| privateEndpointConnections | List of private endpoint connections. | PrivateEndpointConnection[] |
| publicNetworkAccess | This determines if traffic is allowed over public network. By default it is enabled. You can further restrict to specific IPs by configuring <seealso cref="P:Microsoft.Azure.Events.ResourceProvider.Common.Contracts.PubSub.NamespaceProperties.InboundIpRules" /> |
'Disabled' 'Enabled' 'SecuredByPerimeter' |
| topicsConfiguration | Topics configuration information for the namespace resource | TopicsConfiguration |
| topicSpacesConfiguration | Topic spaces configuration information for the namespace resource | TopicSpacesConfiguration |
NamespaceSku
| Name | Description | Value |
|---|---|---|
| capacity | Specifies the number of Throughput Units that defines the capacity for the namespace. The property default value is 1 which signifies 1 Throughput Unit = 1MB/s ingress and 2MB/s egress per namespace. Min capacity is 1 and max allowed capacity is 20. |
int |
| name | The name of the SKU. | 'Standard' |
PrivateEndpoint
| Name | Description | Value |
|---|---|---|
| id | The ARM identifier for Private Endpoint. | string |
PrivateEndpointConnection
| Name | Description | Value |
|---|---|---|
| properties | Properties of the PrivateEndpointConnection. | PrivateEndpointConnectionProperties |
PrivateEndpointConnectionProperties
| Name | Description | Value |
|---|---|---|
| groupIds | GroupIds from the private link service resource. | string[] |
| privateEndpoint | The Private Endpoint resource for this Connection. | PrivateEndpoint |
| privateLinkServiceConnectionState | Details about the state of the connection. | ConnectionState |
| provisioningState | Provisioning state of the Private Endpoint Connection. | 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating' |
RoutingEnrichments
| Name | Description | Value |
|---|---|---|
| dynamic | DynamicRoutingEnrichment[] | |
| static | StaticRoutingEnrichment[] |
RoutingIdentityInfo
| Name | Description | Value |
|---|---|---|
| type | Routing identity type for topic spaces configuration. | 'None' 'SystemAssigned' 'UserAssigned' |
| userAssignedIdentity | string |
StaticRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| key | Static routing enrichment key. | string |
| valueType | Set to 'String' for type StaticStringRoutingEnrichment. | 'String' (required) |
StaticStringRoutingEnrichment
| Name | Description | Value |
|---|---|---|
| value | String type routing enrichment value. | string |
| valueType | Static routing enrichment value type. For e.g. this property value can be 'String'. | 'String' (required) |
TopicsConfiguration
| Name | Description | Value |
|---|---|---|
| customDomains | List of custom domain configurations for the namespace. | CustomDomainConfiguration[] |
TopicSpacesConfiguration
| Name | Description | Value |
|---|---|---|
| clientAuthentication | Client authentication settings for topic spaces configuration. | ClientAuthenticationSettings |
| customDomains | List of custom domain configurations for the namespace. | CustomDomainConfiguration[] |
| maximumClientSessionsPerAuthenticationName | The maximum number of sessions per authentication name. The property default value is 1. Min allowed value is 1 and max allowed value is 100. |
int |
| maximumSessionExpiryInHours | The maximum session expiry in hours. The property default value is 1 hour. Min allowed value is 1 hour and max allowed value is 8 hours. |
int |
| routeTopicResourceId | Fully qualified Azure Resource Id for the Event Grid Topic to which events will be routed to from TopicSpaces under a namespace. This property should be in the following format '/subscriptions/{subId}/resourcegroups/{resourceGroupName}/providers/microsoft.EventGrid/topics/{topicName}'. This topic should reside in the same region where namespace is located. |
string |
| routingEnrichments | Routing enrichments for topic spaces configuration | RoutingEnrichments |
| routingIdentityInfo | Routing identity info for topic spaces configuration. | RoutingIdentityInfo |
| state | Indicate if Topic Spaces Configuration is enabled for the namespace. Default is Disabled. | 'Disabled' 'Enabled' |
TrackedResourceTags
| Name | Description | Value |
|---|
UserIdentityProperties
| Name | Description | Value |
|---|---|---|
| clientId | The client id of user assigned identity. | string |
| principalId | The principal id of user assigned identity. | string |
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Event Grid Namespace | AVM Resource Module for Event Grid Namespace |