Azure Event Grid Topic VNet Integration
Currently, an Azure Event Grid Topic cannot dispatch events (i.e. cannot have a subscription) to Functions with a Private Endpoint (behind a VNET).
Azure Event Grid allows you to have a Private Endpoint (ingress), but it cannot have an outbound (egress) connection to private endpoints such as Functions, etc.
The following workaround exists, but it can complicate the overall architecture and add cost by adding an additional service such as Event Hub/Storage queue/Service Bus.
Here is the workaround:
Event Grid can write to Event Hub/Storage queue/Service Bus (behind a Private Endpoint) if MSI for the Event Grid topic is turned on. To do this:
• Allow ‘trusted 1st party services’ on the Event Hub/Storage queue/Service bus resource.
• Please refer to https://docs.microsoft.com/en-us/azure/event-grid/managed-service-identity
Thanks for the feedback.
If you require strict network isolation, where traffic from Event Grid to another service (the destination of events) uses private IPs, then you do need support for private links for subscribers.
In the workaround described above (using either EH, Storage Queues, or Service Bus) the traffic goes over the public internet, but the identities are known. Hence, it is more secure, but it is not network isolated.
Would you please clarify your specific requirements? Please also rename your title (if that is possible?). Referring to VNET is ambiguous. A VNET has a private IP space and a public IP space. Saying that "... VNET integration" is required does not clarify your requirements. Furthermore, please remove the reference to "Topic" in the title, as it is clear that you need outbound (event subscription) support for private endpoints. Topics are a publisher (the other end) concern. Reading the title, I can say "Yes, EG supports Topic VNET integration through public IP space and private IP space". :)
I hope this helps!
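The workaround from the original post (managed identity on the topic, "trusted services" allowed on the destination) and the caveat in the reply (identity-authenticated delivery over public endpoints, not network isolation) can be expressed as one deployable template. The Bicep below is an added example written for this page, not code from the thread or from Microsoft's documentation; it uses a Storage queue as the destination. All resource names are placeholder assumptions, the API versions are the ones current when this was written, and the built-in role ID for "Storage Queue Data Message Sender" should be verified with `az role definition list --name "Storage Queue Data Message Sender"` before use. The private endpoint and VNet that the Function consuming the queue would sit behind are deliberately omitted: Event Grid never uses them, which is exactly the point the reply makes.

```bicep
// Added example (not from the thread): Event Grid custom topic delivering to a
// Storage queue through the topic's system-assigned managed identity, with the
// storage account firewall closed except to trusted Azure services.
// All names below are placeholder assumptions.
param location string = resourceGroup().location
param topicName string = 'eg-topic-example'
param storageAccountName string = 'stegexample001' // assumption: must be globally unique
param queueName string = 'events'

// 1. Custom topic with a system-assigned identity (the "MSI" the post refers to).
resource topic 'Microsoft.EventGrid/topics@2022-06-15' = {
  name: topicName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
}

// 2. Storage account that denies public traffic except from trusted Azure services.
//    defaultAction 'Deny' plus bypass 'AzureServices' is what the portal's
//    "Allow trusted Microsoft services" checkbox sets.
resource storage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices'
    }
  }
}

resource queueService 'Microsoft.Storage/storageAccounts/queueServices@2022-09-01' = {
  parent: storage
  name: 'default'
}

resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2022-09-01' = {
  parent: queueService
  name: queueName
}

// 3. Least-privilege grant: the topic's identity may only enqueue, and only on this queue.
//    Assumed ID of the built-in "Storage Queue Data Message Sender" role; verify it
//    with `az role definition list --name "Storage Queue Data Message Sender"`.
var queueSenderRoleId = 'c6a89b2d-59bc-44d0-9896-0f6e12d7b80a'

resource senderAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(queue.id, topic.id, queueSenderRoleId)
  scope: queue
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', queueSenderRoleId)
    principalId: topic.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

// 4. Event subscription that delivers *with* the managed identity. The storage
//    firewall's trusted-service bypass only applies to identity-authenticated
//    delivery, so a plain 'destination' without deliveryWithResourceIdentity
//    would be rejected by the 'Deny' rule above.
resource subscription 'Microsoft.EventGrid/eventSubscriptions@2022-06-15' = {
  name: 'to-storage-queue'
  scope: topic
  dependsOn: [
    senderAssignment
  ]
  properties: {
    deliveryWithResourceIdentity: {
      identity: {
        type: 'SystemAssigned'
      }
      destination: {
        endpointType: 'StorageQueue'
        properties: {
          resourceId: storage.id
          queueName: queue.name
        }
      }
    }
    eventDeliverySchema: 'EventGridSchema'
  }
}

output topicPrincipalId string = topic.identity.principalId
```

Two things worth checking after deployment: the role assignment must exist before the first delivery attempt (hence the explicit dependsOn), and the storage account still exposes its public endpoint to any principal the bypass admits, so what this buys is authenticated, authorized delivery over Microsoft's network rather than private-IP isolation. If dead-lettering is later enabled on the subscription, it needs the same treatment with a deadLetterWithResourceIdentity block, or the dead-letter writes will be blocked by the same firewall rule.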