Creating an event subscription for Azure storage account in Terraform

Question

I am trying to create the following resources in Azure using Terraform and Terraform provider for Azure.

• Create a storage account for blob storage.
• Create an event subscription that will raise events on blob activity.

When running the terraform scripts i get the following error

Error: Error creating/updating EventGrid Event Subscription "evtFileReceived" (Scope "/subscriptions/c17cf5ee-d3d7-4f64-b863-f2a4d6948594/resourceGroups/dominos-doodle"): eventgrid.EventSubscriptionsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidRequest" Message="The specified topic property does not match the expected topic from the event subscription scope."

How shoud i fix it ?. Google search didn't gave any results.

The script that generated the error is as follows. The step that throwed the error is terraform apply

Obviously one way is to use the ARM templates to achieve this, but i am trying to see if it can be created using native Terraform scripts. I referred to Terraform Docs and created the following.

variable "inp_resource_group_name" { }
variable "inp_geo_location" { }
variable "inp_account_name" { }
variable "inp_az_subscription_id" { }
variable "inp_resource_group_id" { }

resource "azurerm_storage_account" "cave" {
  name                     = var.inp_account_name
  resource_group_name      = var.inp_resource_group_name
  location                 = var.inp_geo_location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  account_kind             = "StorageV2"
}

resource "azurerm_storage_container" "validName" {
  name                  = validName"
  resource_group_name   = var.inp_resource_group_name
  storage_account_name  = var.inp_account_name
  container_access_type = "blob"
}

resource "azurerm_eventgrid_event_subscription" "evtFileReceived" {
  name  = "evtFileReceived"
  scope = var.inp_resource_group_id
  topic_name="/subscriptions/${var.inp_az_subscription_id}/resourceGroups/${var.inp_resource_group_name}/providers/Microsoft.Storage/storageAccounts/{var.inp_account_name}"
  webhook_endpoint {
    url = "https://myendpoint.that.works.well.across.all.osi.layers"
  }
}

Answer 1

I had a similar issue and solved it by setting both the scope and topic_name to the storage account id. So in your example, I think this should work;

resource "azurerm_eventgrid_event_subscription" "evtFileReceived" {
  name  = "evtFileReceived"
  scope = azurerm_storage_account.cave.id
  topic_name = azurerm_storage_account.cave.id
  webhook_endpoint {
    url = "https://myendpoint.that.works.well.across.all.osi.layers"
  }
}