We have an architecture in Azure sealed within a Vnet with private endpoints on all our services. We mostly work with transactional data, so quite moderate amounts of data throughput.
Now, our initial plan was to communicate between Azure functions by messaging through Event Grid. However, we’ve now realized that delivery of messages from Event Grid to Azure Functions is not supported through private endpoints, as per this link.
We know that Azure Service Bus would be an alternative path to take, but at the premium tier (which is required for PE) it gets quite pricey compared to the alternatives. Maybe that’s the path we need to take, but I first want to exhaust our other alternatives before moving further on a decision.
What would be your advice on how to change the architecture to still utilize event-based communication but within a sealed private network?
We solved this by setting up a webhook endpoint in API Management (residing within the same VNET as the Event Grid) and routing the messages through this. For AAD authentication/authorization I followed this MSFT guide.
I would still prefer an out-of-the-box solution where Event Grid would be able to communicate directly to functions despite them being protected by private endpoints.
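As an added example that is not part of the original answer, a minimal Python receiver for the webhook endpoint described above: it answers the Event Grid subscription validation handshake (required before any events are delivered to a webhook) and dispatches ordinary deliveries by eventType. The hosting framework binding is left out, and the `Orders.Created` handler is a constructed placeholder.

```python
import json

# Added example (not code from the original post): a minimal Event Grid webhook
# receiver of the kind the API Management endpoint forwards to. Event Grid
# webhook delivery requires the receiver to answer a one-time subscription
# validation handshake before any events are delivered.
VALIDATION_EVENT_TYPE = "Microsoft.EventGrid.SubscriptionValidationEvent"


# Constructed dispatch table keyed by eventType; "Orders.Created" is a made-up
# application event used only to show where real handlers would plug in.
def _on_order_created(data: dict) -> str:
    return f"order {data.get('orderId')} queued"


HANDLERS = {"Orders.Created": _on_order_created}


def handle_event_grid_request(headers: dict, body: bytes) -> tuple:
    """Process one webhook POST from Event Grid; returns (status, json_body)."""
    try:
        events = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not valid JSON"}
    if not isinstance(events, list):
        return 400, {"error": "expected a JSON array of events"}

    # Event Grid sets aeg-event-type to SubscriptionValidation for the handshake
    # and to Notification for ordinary deliveries.
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("aeg-event-type") == "SubscriptionValidation":
        for ev in events:
            if ev.get("eventType") == VALIDATION_EVENT_TYPE:
                code = (ev.get("data") or {}).get("validationCode")
                if code:
                    # Echoing the code back proves we control the endpoint.
                    return 200, {"validationResponse": code}
        return 400, {"error": "validation request without validationCode"}

    results = []
    for ev in events:
        handler = HANDLERS.get(ev.get("eventType"))
        if handler is None:
            # Unknown types are acknowledged rather than failed; an error status
            # may be treated as a delivery failure and retried by Event Grid.
            results.append({"id": ev.get("id"), "status": "ignored"})
            continue
        results.append({"id": ev.get("id"), "status": handler(ev.get("data") or {})})
    return 200, {"results": results}
```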