[APIM] Updates to Event Hub article

dlepow · dlepow · commit d84755d20a13 · 2022-12-20T17:32:54.000-08:00
diff --git a/articles/api-management/api-management-howto-log-event-hubs.md b/articles/api-management/api-management-howto-log-event-hubs.md
@@ -4,15 +4,10 @@ description: Learn how to log events to Azure Event Hubs in Azure API Management
 services: api-management
 documentationcenter: ''
 author: dlepow
-manager: erikre
-editor: ''
 
-ms.assetid: 88f6507d-7460-4eb2-bffd-76025b73f8c4
 ms.service: api-management
-ms.workload: mobile
-ms.tgt_pltfrm: na
-ms.topic: article
-ms.date: 01/29/2018
+ms.topic: how-to
+ms.date: 12/20/2022
 ms.author: danlep
 
 ---
@@ -21,53 +16,139 @@ Azure Event Hubs is a highly scalable data ingress service that can ingest milli
 
 This article describes how to log API Management events using Azure Event Hubs.
 
-## Create an Azure Event Hub
+## Prerequisites
 
-For detailed steps on how to create an event hub and get connection strings that you need to send and receive events to and from the Event Hub, see [Create an Event Hubs namespace and an event hub using the Azure portal](../event-hubs/event-hubs-create.md).
+* An API Management service instance. If you don't have one, see [Create an API Management service instance](get-started-create-service-instance.md).
+* An Azure Event Hubs namespace and event hub. For detailed steps, see [Create an Event Hubs namespace and an event hub using the Azure portal](../event-hubs/event-hubs-create.md).
+    > [!NOTE]
+    > The Event Hubs resource **can be** in a different subscription or even a different tenant than the API Management resource
+
+## Configure access to the event hub
+
+To log events to the event hub, you need credentials to enable access from API Management. API Management supports two access mechanisms: an Event Hubs connection string, or an API Management managed identity.
+
+### Configure event hub connection string
+
+To create an Event Hubs connection string, see [Get an Event Hubs connection string](../event-hubs/event-hubs-get-connection-string.md). You can get a connection string to the namespace or the specific event hub you use for logging from API Management
+
+### Configure API Management managed identity
 
 > [!NOTE]
-> The Event Hub resource **can be** in a different subscription or even a different tenant than the API Management resource
+> Using an API Management managed identity for logging events to an event hub is supported in API Management REST API version `2022-04-01-preview` or later.
+
+1. Enable a system-assigned or user-assigned [managed identity for API Management](api-management-howto-use-managed-service-identity.md) in your API Management instance.
+
+    * If you enable a user-assigned managed identity, take note of the identity's **Client ID**.
+
+1. Assign the identity the **Azure Event Hubs Data Owner** role, scoped to the Event Hubs namespace or to the event hub used for logging. To assign the role, use the [Azure portal](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md) or other Azure tools.
+
 
 ## Create an API Management logger
-Now that you have an Event Hub, the next step is to configure a [Logger](/rest/api/apimanagement/current-ga/logger) in your API Management service so that it can log events to the Event Hub.
-
-API Management loggers are configured using the [API Management REST API](/rest/api/apimanagement/ApiManagementREST/API-Management-REST). For detailed request examples, see [how to create Loggers](/rest/api/apimanagement/current-ga/logger/create-or-update).
-
-## Configure log-to-eventhub policies
-
-Once your logger is configured in API Management, you can configure your log-to-eventhub policy to log the desired events. The log-to-eventhub policy can be used in either the inbound policy section or the outbound policy section.
-
-1. Browse to your APIM instance.
-2. Select the API tab.
-3. Select the API to which you want to add the policy. In this example, we're adding a policy to the **Echo API** in the **Unlimited** product.
-4. Select **All operations**.
-5. On the top of the screen, select the Design tab.
-6. In the Inbound or Outbound processing window, click the triangle (next to the pencil).
-7. Select the Code editor. For more information, see [How to set or edit policies](set-edit-policies.md).
-8. Position your cursor in the `inbound` or `outbound` policy section.
-9. In the window on the right, select **Advanced policies** > **Log to EventHub**. This inserts the `log-to-eventhub` policy statement template.
-
-```xml
-<log-to-eventhub logger-id="logger-id">
-    @{
-        return new JObject(
-            new JProperty("EventTime", DateTime.UtcNow.ToString()),
-            new JProperty("ServiceName", context.Deployment.ServiceName),
-            new JProperty("RequestId", context.RequestId),
-            new JProperty("RequestIp", context.Request.IpAddress),
-            new JProperty("OperationName", context.Operation.Name)
-        ).ToString();
+Now that you have an event hub, the next step is to configure a [Logger](/rest/api/apimanagement/current-ga/logger) in your API Management service so that it can log events to the event hub.
+
+API Management loggers can be configured using the [API Management REST API](/rest/api/apimanagement/current-ga/logger/create-or-update) directly or tools including [Azure PowerShell](/powershell/module/az.apimanagement/new-azapimanagementlogger), a Bicep template, or an Azure Resource Management template.
+
+### Logger with connection string credentials
+
+#### [PowerShell](#tab/PowerShell)
+
+The following example uses the [New-AzApiManagementLogger](/powershell/module/az.apimanagement/new-azapimanagementlogger) cmdlet to create a logger to an event hub by specifying a connection string.
+
+```powershell
+# API Management service-specific details
+$apimServiceName = "apim-hello-world"
+$resourceGroupName = "myResourceGroup"
+
+$context = New-AzApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $apimServiceName
+New-AzApiManagementLogger -Context $context -LoggerId "ContosoLogger1" -Name "ApimEventHub" -ConnectionString "Endpoint=sb://ContosoEventHubs.servicebus.windows.net/;SharedAccessKeyName=SendKey;SharedAccessKey=<key>" -Description "Event hub logger with connection string"
+```
+
+#### [Bicep](#tab/bicep)
+
+Include the following snippet in your Bicep template.
+
+```Bicep
+@description('The name of the API Management service instance.')
+param serviceName string
+
+resource apimService 'Microsoft.ApiManagement/service@2022-04-01-preview' existing = {
+  name: serviceName
+
+resource ehLoggerWithConnectionString 'Microsoft.ApiManagement/service/loggers@2022-04-01-preview' = {
+  name: 'ContosoLogger1'
+  parent: apimService
+  properties: {
+    loggerType: 'azureEventHub'
+    description: 'Event hub logger with connection string'
+    credentials: {
+      connectionString: 'Endpoint=sb://ContosoEventHubs.servicebus.windows.net/;SharedAccessKeyName=SendKey;SharedAccessKey=<key>'
+      name: 'ApimEventHub'
     }
-</log-to-eventhub>
+  }
+}
+```
+
+#### [ARM](#tab/arm)
+
+Include the following JSON snippet in your Azure Resource Manager template.
+
+```JSON
+{
+  "type": "Microsoft.ApiManagement/service/loggers",
+  "apiVersion": "2022-04-01-preview",
+  "name": "ContosoLogger1",
+  "properties": {
+    "credentials": {
+        "connectionString": "Endpoint=sb://ContosoEventHubs.servicebus.windows.net/;SharedAccessKeyName=SendKey;SharedAccessKey=<key>",
+        "name": "ApimEventHub"
+    },
+    "description": "Event hub logger with connection string",
+    "loggerType": "azureEventHub",
+    "resourceId": "string"
+  }
+}
 ```
-Replace `logger-id` with the value you used for `{loggerId}` in the request URL to create the logger in the previous step.
+---
+
+### Logger with system-assigned managed identity credentials
+
+
+### Logger with user-assigned managed identity credentials
+
+
+## Configure log-to-eventhub policy
+
+Once your logger is configured in API Management, you can configure your [log-to-eventhub](api-management-advanced-policies.md#log-to-event-hub) policy to log the desired events. The `log-to-eventhub` policy can be used in either the inbound policy section or the outbound policy section.
+
+1. Browse to your API Management instance.
+1. Select **APIs**, and then select the API to which you want to add the policy. In this example, we're adding a policy to the **Echo API** in the **Unlimited** product.
+1. Select **All operations**.
+1. On the top of the screen, select the **Design** tab.
+1. In the Inbound processing or Outbound processing window, select the `</>` (code editor) icon. For more information, see [How to set or edit policies](set-edit-policies.md).
+1. Position your cursor in the `inbound` or `outbound` policy section.
+1. In the window on the right, select **Advanced policies** > **Log to EventHub**. This inserts the `log-to-eventhub` policy statement template.
+
+    ```xml
+    <log-to-eventhub logger-id="logger-id">
+        @{
+            return new JObject(
+                new JProperty("EventTime", DateTime.UtcNow.ToString()),
+                new JProperty("ServiceName", context.Deployment.ServiceName),
+                new JProperty("RequestId", context.RequestId),
+                new JProperty("RequestIp", context.Request.IpAddress),
+                new JProperty("OperationName", context.Operation.Name)
+            ).ToString();
+        }
+    </log-to-eventhub>
+    ```
 
-You can use any expression that returns a string as the value for the `log-to-eventhub` element. In this example, a string in JSON format containing the date and time, service name, request ID, request IP address, and operation name is logged.
+      1. Replace `logger-id` with the name of the logger that you created in the previous step.
+      1. You can use any expression that returns a string as the value for the `log-to-eventhub` element. In this example, a string in JSON format containing the date and time, service name, request ID, request IP address, and operation name is logged.
 
-Click **Save** to save the updated policy configuration. As soon as it is saved the policy is active and events are logged to the designated Event Hub.
+1. Select **Save** to save the updated policy configuration. As soon as it is saved, the policy is active and events are logged to the designated event hub.
 
 > [!NOTE]
-> The maximum supported message size that can be sent to an event hub from this API Management policy is 200 kilobytes (KB). If a message that is sent to an event hub is larger than 200 KB, it will be automatically truncated, and the truncated message will be transferred to event hubs.
+> The maximum supported message size that can be sent to an event hub from this API Management policy is 200 kilobytes (KB). If a message that is sent to an event hub is larger than 200 KB, it will be automatically truncated, and the truncated message will be transferred to the event hub.
 
 ## Preview the log in Event Hubs by using Azure Stream Analytics
 
