diff --git a/azurerm/internal/services/eventhub/data_source_eventhub_authorization_rule.go b/azurerm/internal/services/eventhub/data_source_eventhub_authorization_rule.go
new file mode 100644
index 000000000000..79e64fe3b6f6
--- /dev/null
+++ b/azurerm/internal/services/eventhub/data_source_eventhub_authorization_rule.go
@@ -0,0 +1,108 @@
+package eventhub
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/clients"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/timeouts"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils"
+)
+
+func dataSourceEventHubAuthorizationRule() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceEventHubAuthorizationRuleRead,
+
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
+		Schema: azure.EventHubAuthorizationRuleSchemaFrom(map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: azure.ValidateEventHubAuthorizationRuleName(),
+			},
+
+			"namespace_name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: azure.ValidateEventHubNamespaceName(),
+			},
+
+			"eventhub_name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: azure.ValidateEventHubName(),
+			},
+
+			"primary_key": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+
+			"secondary_key": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+
+			"primary_connection_string": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+
+			"secondary_connection_string": {
+				Type:      schema.TypeString,
+				Computed:  true,
+				Sensitive: true,
+			},
+
+			"resource_group_name": azure.SchemaResourceGroupNameForDataSource(),
+
+			"location": azure.SchemaLocationForDataSource(),
+		}),
+	}
+}
+
+func dataSourceEventHubAuthorizationRuleRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*clients.Client).Eventhub.EventHubsClient
+	ctx, cancel := timeouts.ForRead(meta.(*clients.Client).StopContext, d)
+	defer cancel()
+
+	name := d.Get("name").(string)
+	resourceGroup := d.Get("resource_group_name").(string)
+	eventHubName := d.Get("eventhub_name").(string)
+	namespaceName := d.Get("namespace_name").(string)
+
+	resp, err := client.GetAuthorizationRule(ctx, resourceGroup, namespaceName, eventHubName, name)
+	if err != nil {
+		if utils.ResponseWasNotFound(resp.Response) {
+			return fmt.Errorf("Error: EventHub Authorization Rule %q (Resource Group %q) was not found", name, resourceGroup)
+		}
+		return fmt.Errorf("Error: EventHub Authorization Rule %s: %+v", name, err)
+	}
+
+	d.SetId(*resp.ID)
+
+	d.Set("name", name)
+	d.Set("eventhub_name", eventHubName)
+	d.Set("namespace_name", namespaceName)
+	d.Set("resource_group_name", resourceGroup)
+
+	keysResp, err := client.ListKeys(ctx, resourceGroup, namespaceName, eventHubName, name)
+	if err != nil {
+		return fmt.Errorf("Error making Read request on Azure EventHub Authorization Rule List Keys %s: %+v", name, err)
+	}
+
+	d.Set("primary_key", keysResp.PrimaryKey)
+	d.Set("secondary_key", keysResp.SecondaryKey)
+	d.Set("primary_connection_string", keysResp.PrimaryConnectionString)
+	d.Set("secondary_connection_string", keysResp.SecondaryConnectionString)
+
+	return nil
+}
diff --git a/azurerm/internal/services/eventhub/registration.go b/azurerm/internal/services/eventhub/registration.go
index 330cd1b2f89d..b1e9dc3f4d78 100644
--- a/azurerm/internal/services/eventhub/registration.go
+++ b/azurerm/internal/services/eventhub/registration.go
@@ -14,6 +14,7 @@ func (r Registration) Name() string {
 // SupportedDataSources returns the supported Data Sources supported by this Service
 func (r Registration) SupportedDataSources() map[string]*schema.Resource {
 	return map[string]*schema.Resource{
+		"azurerm_eventhub_authorization_rule":           dataSourceEventHubAuthorizationRule(),
 		"azurerm_eventhub_consumer_group":               dataSourceEventHubConsumerGroup(),
 		"azurerm_eventhub_namespace":                    dataSourceEventHubNamespace(),
 		"azurerm_eventhub_namespace_authorization_rule": dataSourceEventHubNamespaceAuthorizationRule(),
diff --git a/azurerm/internal/services/eventhub/tests/data_source_eventhub_authorization_rule_test.go b/azurerm/internal/services/eventhub/tests/data_source_eventhub_authorization_rule_test.go
new file mode 100644
index 000000000000..64ed69fc4163
--- /dev/null
+++ b/azurerm/internal/services/eventhub/tests/data_source_eventhub_authorization_rule_test.go
@@ -0,0 +1,48 @@
+package tests
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/acceptance"
+)
+
+func TestAccDataSourceAzureRMEventHubAuthorizationRule(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_eventhub_authorization_rule", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMEventHubAuthorizationRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAzureRMEventHubAuthorizationRule_base(data, true, true, true),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMEventHubAuthorizationRuleExists(data.ResourceName),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "name"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "namespace_name"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "eventhub_name"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "primary_key"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_key"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "primary_connection_string"),
+					resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_connection_string"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceAzureRMEventHubAuthorizationRule_base(data acceptance.TestData, listen, send, manage bool) string {
+	template := testAccAzureRMEventHubAuthorizationRule_base(data, listen, send, manage)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_eventhub_authorization_rule" "test" {
+  name                = "${azurerm_eventhub_authorization_rule.test.name}"
+  namespace_name      = "${azurerm_eventhub_namespace.test.name}"
+  eventhub_name       = "${azurerm_eventhub.test.name}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+}
+`, template)
+}
diff --git a/website/azurerm.erb b/website/azurerm.erb
index 7f0640f1034b..13e50d7b1078 100644
--- a/website/azurerm.erb
+++ b/website/azurerm.erb
@@ -186,6 +186,10 @@
                     <a href="/docs/providers/azurerm/d/disk_encryption_set.html">azurerm_disk_encryption_set</a>
                 </li>
 
+                <li>
+                  <a href="/docs/providers/azurerm/d/eventhub_authorization_rule.html">azurerm_eventhub_authorization_rule</a>
+                </li>
+
                 <li>
                     <a href="/docs/providers/azurerm/d/eventhub_consumer_group.html">azurerm_eventhub_consumer_group</a>
                 </li>
diff --git a/website/docs/d/eventhub_authorization_rule.html.markdown b/website/docs/d/eventhub_authorization_rule.html.markdown
new file mode 100644
index 000000000000..01af5625ab12
--- /dev/null
+++ b/website/docs/d/eventhub_authorization_rule.html.markdown
@@ -0,0 +1,52 @@
+---
+subcategory: "Messaging"
+layout: "azurerm"
+page_title: "Azure Resource Manager: azurerm_eventhub_authorization_rule"
+description: |-
+  Gets information about an Event Hubs Authorization Rule within an Event Hub.
+---
+
+# azurerm_eventhub_authorization_rule
+
+Use this data source to access information about an existing Event Hubs Authorization Rule within an Event Hub.
+
+## Example Usage
+
+```hcl
+data "azurerm_eventhub_authorization_rule" "test" {
+  name                = "test"
+  namespace_name      = "${azurerm_eventhub_namespace.test.name}"
+  eventhub_name       = "${azurerm_eventhub.test.name}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+}
+```
+
+## Argument Reference
+
+* `name` - Specifies the name of the EventHub Authorization Rule resource. be created.
+
+* `namespace_name` - Specifies the name of the grandparent EventHub Namespace.
+
+* `eventhub_name` - Specifies the name of the EventHub.
+
+* `resource_group_name` - The name of the resource group in which the EventHub Authorization Rule's grandparent Namespace exists.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The EventHub ID.
+
+* `primary_key` - The Primary Key for the Event Hubs Authorization Rule.
+
+* `primary_connection_string` - The Primary Connection String for the Event Hubs Authorization Rule.
+
+* `secondary_key` - The Secondary Key for the Event Hubs Authorization Rule.
+
+* `secondary_connection_string` - The Secondary Connection String for the Event Hubs Authorization Rule.
+
+## Timeouts
+
+The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions:
+
+* `read` - (Defaults to 5 minutes) Used when retrieving the EventHub Authorization Rule.
\ No newline at end of file