Integration between Event Hubs and Azure Virtual Networks creates a secure messaging layer that can be accessed from other services within the network. Azure Functions can be similarly integrated with services inside virtual networks, enabling creation of workloads that execute on message ingestion, through input bindings.

This project framework provides the following features:

• An Azure Event Hub used to ingest messages.
• A Function App with an Event Hub triggered Azure Function.
• An Azure Key Vault instance used to securely store all secret values.
• An Azure Virtual Network, Private Endpoints, and network access controls that restrict access to the Event Hub, Storage Account, and Key Vault.
• All components are deployable via Bicep or Terraform.

• Azure CLI (2.42.0)
• Azure Functions Core Tools
• .NET
• Bicep or Terraform

The project can be deployed using either Bicep or Terraform.

1. Create a new Azure resource group to deploy the Bicep template to, passing in a location and name - az group create --location <LOCATION> --name <RESOURCE_GROUP_NAME>
2. The azuredeploy.parameters.json file contains the necessary variables to deploy the Bicep project. Update the file with appropriate values. Descriptions for each parameter can be found in the main.bicep file.
3. Optionally, verify what Bicep will deploy, passing in the name of the resource group created earlier and the necessary parameters for the Bicep template - az deployment group what-if --resource-group <RESOURCE_GROUP_NAME> --template-file .\main.bicep --parameters .\azuredeploy.parameters.json
4. Deploy the template, passing in the name of the resource group created earlier and the necessary parameters for the Bicep template - az deployment group create --resource-group <RESOURCE_GROUP_NAME> --template-file .\main.bicep --parameters .\azuredeploy.parameters.json

1. The terraform.tfvars file contains the necessary variables to apply the Terraform configuration. Update the file with appropriate values. Descriptions for each variable can be found in the variables.tf file.
2. Initialize Terraform - terraform init
3. Optionally, verify what Terraform will deploy - terraform plan
4. Deploy the configuration - terraform apply

The project provides sample Azure Functions code to verify that the solution is working correctly. It contains an Event Hub triggered Azure Function used to process incoming messages and a second, disabled, timer triggered Azure Function that sends messages to the Event Hub using output bindings and is used to test that the processor is operating properly.

1. Navigate to the ./src/eventhub-trigger directory.
2. Deploy the code to the function app provisioned by Bicep or Terraform - func azure functionapp publish <FUNCTION_APP_NAME> --dotnet

1. Navigate to the Azure Portal and find the Function App that was provisioned.
2. Open the Configuration blade.
3. Find the AzureWebJobs.Tester.Disabled application setting and edit the value to false.
4. Save the changes.
5. Find the Application Insights resource that was provisioned.
6. Open the Logs blade.
7. Query for the results from the requests table.
8. Observe the successful EventHubProcessor runs.

• Tutorial: Integrate Azure Functions with an Azure virtual network by using private endpoints
• Integrate your app with an Azure virtual network
• Azure Functions networking options
• Network security for Azure Event Hubs
• Configure Azure Storage firewalls and virtual networks
• Configure Azure Key Vault firewalls and virtual networks
• Analyze Azure Functions telemetry in Application Insights