Blog Post

Azure PaaS Blog
1 MIN READ

Subscribe to Azure Storage Blob Lifecycle Policy Events

mohitkhanna's avatar
mohitkhanna
Icon for Microsoft rankMicrosoft
Aug 07, 2024

The LifecyclePolicyCompleted event is generated when the actions defined by a lifecycle management policy are performed. Refer - Optimize costs by automatically managing the data lifecycle - Azure Blob Storage | Microsoft Learn

 

This article shares steps to subscribe to these events and help you track how much data moved, deleted or archived. 

Step 1: Create Event Grid - System topic, which helps to subscribe to events published by Azure Services. Refer below: 

 

 

Step 2: Go to the Event Grid System Topic created and create a new Event Subscription. 

 

Step 3: Select Event Type Filter as "Lifecycle Policy Completed"

Step 4: Select Endpoint to receive events. For simplicity we are using Storage Queue. 

 

Step 5: Assign the System Managed identity in the storage account IAM for the event grid with role of "Storage Queue Data Message Sender", once role is assigned successfully, then go in the Event Subscription of the change the Managed Identity for Delivery to "System Assigned" and save. 

 

Step 6: Go to the storage queue to see the events published. 

For Azure Grid pricing refer Pricing – Event Grid | Microsoft Azure

Updated Aug 05, 2024
Version 1.0
  • ohads-MSFT's avatar
    ohads-MSFT
    Icon for Microsoft rankMicrosoft
    Sep 24, 2024

    I believe LifecyclePolicyCompleted is not an Audit Log event, rather an event grid system topic you can subscribe to:

    Sample script:
    param ( [string]$subscriptionId = "XXXXX-XXX-XXX-XXX-XXXXX", [string]$resourceGroupName = "YOUR-RG", [array]$excludedStorageAccounts = @("SOME-EXCLUDED-STORAGE-ACCOUNT"), [string]$userAssignedIdentity = "/subscriptions/XXXXX-XXX-XXX-XXX-XXXXX/resourcegroups/MY-RG/providers/microsoft.managedidentity/userassignedidentities/MY-MANAGED-IDENTITY", [string]$eventEndpoint = "/subscriptions/XXXXX-XXX-XXX-XXX-XXXXX/resourceGroups/MY-RG/providers/Microsoft.Storage/storageAccounts/MY-STORAGE-ACCOUNT/queueServices/default/queues/MY-QUEUE" )

    $ErrorActionPreference = "Stop"

    Select-AzSubscription -SubscriptionId $subscriptionId

    $storageAccounts = Get-AzStorageAccount -ResourceGroupName $resourceGroupName

    $filteredStorageAccounts = $storageAccounts | Where-Object { $excludedStorageAccounts -notcontains $_.StorageAccountName }

    Write-Host "Starting loop to create Event Grid System Topics and Subscriptions"

    foreach ($storageAccount in $filteredStorageAccounts) {

    *$systemTopicName = "lifecycle-$($storageAccount.StorageAccountName)"*

*$resourceId = $storageAccount.Id*

*Write-Host "Creating Event Grid System Topic for storage account: $($storageAccount.StorageAccountName)"*

*New-AzEventGridSystemTopic -ResourceGroupName $resourceGroupName `*

                           *-Name $systemTopicName `*

                           *-Location $storageAccount.Location `*

                           *-Source $resourceId `*

                           *-UserAssignedIdentity $userAssignedIdentity `*

                           *-TopicType "Microsoft.Storage.StorageAccounts"*

*Write-Host "Creating Event Grid Subscription for system topic: $systemTopicName"*

*$destination = New-AzEventGridStorageQueueEventSubscriptionDestinationObject -QueueName "storageevents" -ResourceId $eventEndpoint*

*New-AzEventGridSubscription -Name "lcmmonitor" `*

                            *-DeliveryWithResourceIdentityDestination $destination `*

                            *-FilterIncludedEventType @("Microsoft.Storage.BlobCreated", "Microsoft.Storage.BlobDeleted", "Microsoft.Storage.BlobTierChanged", "Microsoft.Storage.LifecyclePolicyCompleted", "Microsoft.Storage.AsyncOperationInitiated") `*

                            *-Scope $resourceId `*

                            *-DeliveryWithResourceIdentityType UserAssigned `*

                            *-DeliveryWithResourceIdentityUserAssignedIdentity $userAssignedIdentity*

    }