Hi Raj, Azure Service Bus supports cross-region federation and message replication. https://video2.skills-academy.com/en-us/azure/service-bus-messaging/service-bus-federation-overview
Can a function app and storage account in tenant in Europe region access or subscribe from a service bus topic and URL in another tenant and different URL in US region.
We have applications running in US region and Europe region. Both applications have different URLs. We want to sync data of both regions.
We are using service bus topics to store data in middle and pass that data to different region.
I want to confirm if service bus created in US region is accessible by other region in different tenant or not (Europe region), when both applications have different URLs?
2 answers
Sort by: Most helpful
-
Miguel Gonçalves | AVANADE 886 Reputation points
2024-06-13T09:55:27.0966667+00:00 -
Dan Rios 1,735 Reputation points MVP
2024-06-13T10:02:18.19+00:00 Yes it should be possible, there are many authentication options for Service Bus laid out here:
Service Bus defines a set of built-in roles that you can grant to your tenants to access Service Bus entities. For example, with Microsoft Entra authentication, you can grant a tenant access to a specific queue or topic that contains their messages, which isolates it from the other tenants within your application.
For Entra, you follow the guide from the Docs here: For Entra, you follow the guide from the Docs here: https://video2.skills-academy.com/en-us/azure/service-bus-messaging/authenticate-application?WT.mc_id=MVP_319025#register-your-application-with-a-microsoft-entra-tenant
Once setup in the US tenant, your apps in other tenants can use the service principal to authenticate to the Service Bus in that tenant. The guide lays out the steps in more detail.
Additionally, you can also use a Shared Access Signature and grant specific topic/queue access:
Shared access signatures (SAS) give you the ability to grant a tenant access to Service Bus resources with specific rights.
Authenticate to the Service Bus with the SAS: Authenticate to the Service Bus with the SAS: https://video2.skills-academy.com/en-us/azure/service-bus-messaging/service-bus-sas?
The above docs also has code examples on how your applications could use the SAS token to authenticate to the Service Bus, which would be in the other tenant and this should work.
If you want to have replicated service bus data to the Europe region instead of plugging into the US, then you can also look into cross-region capabilities, which may be of interest, although will require some work to put in place.
Then you can use the SB resource within a more local region for the Europe application: If you want to have replicated service bus data to the Europe region instead of plugging into the US, then you can also look into cross-region capabilities, which may be of interest, although will require some work to put in place.
Then you can use the SB resource within a more local region for the Europe application:
https://video2.skills-academy.com/en-us/azure/service-bus-messaging/service-bus-federation-overview
Hope this helps and solves your question, if it does, feel free to mark as an accepted answer.