I'm currently facing an issue with writing an Azure Bicep template to deploy an Event Grid Namespace and an Event Grid Topic through an Azure DevOps pipeline. The goal is to establish a connection between them so that MQTT messages arriving at the Event Grid can be forwarded to the Topic.
Here's my current configuration:
I have the Topic and the Namespace each in a separate file:
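
// grid/evenGridTopic.bicep
// Parameters supplied by the module call
param location string
param projectName string

resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: 'eventGridTopic'
  location: location
  properties: {
    inputSchema: 'CloudEventSchemaV1_0'
  }
}

output id string = eventGridTopic.id

// grid/eventGrid.bicep
// Parameters supplied by the module call
param location string
param projectName string
param eventGridTopicId string

resource eventGrid 'Microsoft.EventGrid/namespaces@2023-06-01-preview' = {
  name: 'eventGridNamespace'
  location: location
  sku: {
    name: 'Standard'
    capacity: 1
  }
  properties: {
    isZoneRedundant: true
    topicSpacesConfiguration: {
      state: 'Enabled'
      // Topic that receives the routed MQTT messages
      routeTopicResourceId: eventGridTopicId
      maximumSessionExpiryInHours: 1
      maximumClientSessionsPerAuthenticationName: 1
    }
  }
}
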
And import them as modules and try to connect them as follows:

module eventGridTopic 'grid/evenGridTopic.bicep' = {
  scope: GridRG
  name: 'gridTopicDeployment'
  params: {
    location: 'westeurope'
    projectName: projectName
  }
}

module eventGrid 'grid/eventGrid.bicep' = {
  scope: GridRG
  name: 'gridDeployment'
  params: {
    location: location
    projectName: projectName
    eventGridTopicId: eventGridTopic.outputs.id
  }
  dependsOn: [
    eventGridTopic
  ]
}

But I get the following error each time I try to deploy the Bicep file:

"code": "DeploymentFailed",
"target": "X",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
"details": [
  {
    "code": "InvalidRequest",
    "message": "Insufficient permission encountered to publish events to route topic eventGridTopic under namespace eventGridNamespace."
  }
]

Please make sure that the service principal or managed identity used by the pipeline has the EventGrid Contributor and EventGrid EventSubscription Contributor roles.
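
One way to grant the two roles named in the answer above, as an added Bicep example that is not part of the original thread. The parameter names `pipelinePrincipalId` and `principalType` are assumptions, and the file is meant to be deployed into the resource group that holds the namespace and topic so the grant is no wider than needed.

```bicep
// Added example, not from the original post.
// Deploy with an identity that may write role assignments (for example Owner or
// User Access Administrator on the resource group); a pipeline identity that
// lacks these roles normally cannot grant them to itself.
targetScope = 'resourceGroup'

@description('Object ID of the pipeline service principal or managed identity (assumed name).')
param pipelinePrincipalId string

@description('Managed identities and service principals both use ServicePrincipal.')
param principalType string = 'ServicePrincipal'

// Built-in role definition IDs. Confirm them in your tenant with:
//   az role definition list --name "EventGrid Contributor" --query "[].name"
var roles = {
  eventGridContributor: '1e241071-0855-49ea-94dc-649edcd759de'
  eventSubscriptionContributor: '428e0ff0-5e57-4d9c-a221-2c70d0e0a443'
}

resource assignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for role in items(roles): {
  // Deterministic name so repeated deployments update instead of duplicating.
  name: guid(resourceGroup().id, pipelinePrincipalId, role.value)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', role.value)
    principalId: pipelinePrincipalId
    principalType: principalType
  }
}]

// Lists what was granted so the pipeline log records the resulting access.
output assignedRoles array = [for (role, i) in items(roles): {
  role: role.key
  assignmentId: assignments[i].id
}]
```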