I am attempting to query Event Hub Firewall IP Rules using Azure Policy's Resource Graph. I currently have provisioned an Event Hub with the following Firewall IP Rule.
{
"type": "Microsoft.EventHub/namespaces/ipfilterrules",
"apiVersion": "2018-01-01-preview",
"name": "[concat(parameters('namespaces_myeventhub_name'), '/e51110a0-c074-43b3-85b7-b43e2eab4d9b')]",
"location": "West US 2",
"dependsOn": [
"[resourceId('Microsoft.EventHub/namespaces', parameters('namespaces_myeventhub_name'))]"
],
"properties": {
"ipMask": "47.xxx.xxx.xxx",
"action": "Accept",
"filterName": "e51110a0-c074-43b3-85b7-b43e2eax4d9b"
}
}
A query for
"where type =~ 'Microsoft.EventHub/namespaces'"
will reveal my Event Hub without any information of firewall IP rules. And furthermore a query for
where type =~ 'Microsoft.EventHub/namespaces/ipfilterrules'
returns nothing. I would like to be able to query this information using resource graph and eventually write an Azure Policy against these properties. I have searched for possible aliases with this information using the following
"where type =~ 'Microsoft.EventHub/namespaces' | limit 1 | project aliases"
but the list it returns includes no information of firewall IP rules for Event Hubs. This seems like basic information that should be available in Resource Graph... What am I missing?
After test , unfortunately,only the level of event hub namespace could be queried via Azure Resource Graph APIs and you can not query ipfilterrules via Azure Resource Graph directly, please refer to below solution as workaround:
1:Query all event hub namespaces under susbcription For example: https://management.azure.com/subscriptions//providers/Microsoft.EventHub/namespaces?api-version=2018-01-01-preview
2: Query all ipfilterrules under event hub namespace and filter ipfilterrules one by one in your program. For example https://management.azure.com/subscriptions//resourceGroups/ericm/providers/Microsoft.EventHub/namespaces//ipfilterrules?api-version=2018-01-01-preview
Hopefully it is helpful for your concern.