Can IoT Hub Route D2C Messages to Service Bus in VNET?

John Wong Yek Hon 80 Reputation points
2024-11-15T08:21:58.06+00:00

I have an IoT Hub that must be public facing, while I want to have a Service Bus that only allows private access, where my App Services in the VNET will then consume the messages from Service Bus.

Now, the question is am I able to route the D2C messages from IoT Hub to my Service Bus? And if this can be done, please point me to the configuration steps for that.

Thanks.

Azure IoT Hub

1 answer

  1. LeelaRajeshSayana-MSFT 16,606 Reputation points
    2024-11-15T15:51:25.66+00:00

    Hi @John Wong Yek Hon Greetings! Thank you for posting this question here.

    am I able to route the D2C messages from IoT Hub to my Service Bus?

    Yes, you can set up message routing on a public facing IoT Hub endpoint and send device telemetry to a Private Service Bus.

    Here are the configurations needed to enable this routing.

    1. Set "Allow trusted Microsoft services to bypass this firewall?" to Yes on the Service Bus namespace. You can find this setting under the Settings --> Networking configurations.
    2. Enable System managed identity on the IoT Hub resource. This setting can be found under Security settings --> Identity.
    3. Add the role assignment Azure Service Bus Data Sender to this system managed identity under the Service Bus namespace through Access Control (IAM). Select Azure Service Bus Data Sender under the roles and click Next to choose Members. Select the option Assign Access to Managed Identity and look for the System Managed Identity resources when you click Select Members. The System Managed Identity would be created with the same name as your IoT Hub. Assign the role permissions to this identity.
    4. Create an IoT Hub message routing custom endpoint on the IoT Hub and use System Managed Identity for Authentication type.
    5. You can set the routing query to true to route all events, or set up a custom query per your need, and set the data source to Device Telemetry Message.

    Once the above configurations are done, you should be able to route the device telemetry to the private Service Bus endpoint without any issues. Here is a reference to the documentation "Egress connectivity from IoT Hub to other Azure resources", which provides these details.

    Hope this helps! Please let us know if you have any additional questions or need further assistance.


    If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with a similar issue identify the solution. I highly appreciate your contribution to the community.

    1 person found this answer helpful.
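
An added example, not part of the original answer or of Microsoft's documentation: a Python check that audits the five settings from the answer against JSON exported with the Azure CLI (`az iot hub show`, the namespace's network rule set, and `az role assignment list`). The sample documents are constructed, every resource name and ID is a placeholder, and the field names are assumed to match the CLI's JSON output.

```python
SENDER_ROLE = "Azure Service Bus Data Sender"
# Constructed sample data shaped like Azure CLI JSON output; names and IDs are placeholders.
NAMESPACE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
                "/providers/Microsoft.ServiceBus/namespaces/sb-private-example")
SAMPLE_RULE_SET = {"defaultAction": "Deny", "trustedServiceAccessEnabled": True}
SAMPLE_ROLES = [{"principalId": "11111111-1111-1111-1111-111111111111",
                 "roleDefinitionName": SENDER_ROLE, "scope": NAMESPACE_ID}]
SAMPLE_HUB = {
    "identity": {"type": "SystemAssigned",
                 "principalId": "11111111-1111-1111-1111-111111111111"},
    "properties": {"routing": {
        "endpoints": {"serviceBusQueues": [{
            "name": "sb-queue-endpoint", "authenticationType": "identityBased",
            "endpointUri": "sb://sb-private-example.servicebus.windows.net",
            "entityPath": "telemetry"}]},
        "routes": [{"name": "all-telemetry", "source": "DeviceMessages",
                    "condition": "true", "endpointNames": ["sb-queue-endpoint"],
                    "isEnabled": True}]}},
}


def audit_routing(hub, rule_set, role_assignments, namespace_id):
    """Return one finding per unmet step of the answer; an empty list means all five hold."""
    findings = []
    if not rule_set.get("trustedServiceAccessEnabled"):
        findings.append("step 1: trusted Microsoft services bypass is off")
    identity = hub.get("identity") or {}
    principal = identity.get("principalId")
    if "SystemAssigned" not in (identity.get("type") or "") or not principal:
        findings.append("step 2: no system-assigned identity on the IoT Hub")

    def covers(scope):  # assigned at the namespace itself or inherited from a parent scope
        scope = scope.lower().rstrip("/")
        return bool(scope) and (namespace_id.lower() + "/").startswith(scope + "/")
    if not any(principal and a.get("principalId") == principal
               and a.get("roleDefinitionName") == SENDER_ROLE
               and covers(a.get("scope", "")) for a in role_assignments):
        findings.append("step 3: identity lacks the Data Sender role on the namespace")
    routing = hub.get("properties", {}).get("routing", {})
    eps = routing.get("endpoints", {})
    sb = eps.get("serviceBusQueues", []) + eps.get("serviceBusTopics", [])
    by_identity = {e["name"] for e in sb if e.get("authenticationType") == "identityBased"}
    if not by_identity:
        findings.append("step 4: no Service Bus endpoint uses identity-based authentication")
    # "Device Telemetry Message" in the portal appears as source "DeviceMessages" in the JSON.
    if not any(r.get("isEnabled") and r.get("source") == "DeviceMessages"
               and by_identity & set(r.get("endpointNames", []))
               for r in routing.get("routes", [])):
        findings.append("step 5: no enabled Device Telemetry route targets that endpoint")
    return findings
```

An endpoint that still authenticates with a connection string (`keyBased`) is reported under steps 4 and 5, since the trusted-services bypass in step 1 only applies to the hub's managed identity.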