Azure CosmosDB (DocumentDB) Account
This page shows how to write Terraform and Azure Resource Manager for CosmosDB (DocumentDB) Account and write them securely.
azurerm_cosmosdb_account (Terraform)
The Account in CosmosDB (DocumentDB) can be configured in Terraform with the resource name azurerm_cosmosdb_account
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
resource "azurerm_cosmosdb_account" "cosmosdbaccount" {
name = "cosmosdbaccount-tf"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
offer_type = "Standard"
resource "azurerm_cosmosdb_account" "bot-cosmos-db" {
name = "organization-workflows-bot"
location = var.azure_region
resource_group_name = azurerm_resource_group.rg.name
offer_type = "Standard"
kind = "MongoDB"
resource "azurerm_cosmosdb_account" "example" {
name = "tfex-cosmosdb-account"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
offer_type = "Standard"
analytical_storage_enabled = true
Parameters
-
analytical_storage_enabled
optional - bool -
connection_strings
optional computed - list of string -
enable_automatic_failover
optional - bool -
enable_free_tier
optional - bool -
enable_multiple_write_locations
optional - bool -
endpoint
optional computed - string -
id
optional computed - string -
ip_range_filter
optional - string -
is_virtual_network_filter_enabled
optional - bool -
key_vault_key_id
optional - string -
kind
optional - string -
location
required - string -
name
required - string -
offer_type
required - string -
primary_key
optional computed - string -
primary_master_key
optional computed - string -
primary_readonly_key
optional computed - string -
primary_readonly_master_key
optional computed - string -
public_network_access_enabled
optional - bool -
read_endpoints
optional computed - list of string -
resource_group_name
required - string -
secondary_key
optional computed - string -
secondary_master_key
optional computed - string -
secondary_readonly_key
optional computed - string -
secondary_readonly_master_key
optional computed - string -
tags
optional - map from string to string -
write_endpoints
optional computed - list of string -
capabilities
set block-
name
required - string
-
-
consistency_policy
list block-
consistency_level
required - string -
max_interval_in_seconds
optional computed - number -
max_staleness_prefix
optional computed - number
-
-
geo_location
set block-
failover_priority
required - number -
id
optional computed - string -
location
required - string -
prefix
optional - string -
zone_redundant
optional - bool
-
-
timeouts
single block -
virtual_network_rule
set block-
id
required - string -
ignore_missing_vnet_service_endpoint
optional - bool
-
Explanation in Terraform Registry
Manages a CosmosDB (formally DocumentDB) Account.
Microsoft.DocumentDB/databaseAccounts (Azure Resource Manager)
The databaseAccounts in Microsoft.DocumentDB can be configured in Azure Resource Manager with the resource name Microsoft.DocumentDB/databaseAccounts
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"workbookName": {
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
Parameters
apiVersion
required - stringidentity
optionaltype
optional - stringThe type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service.
userAssignedIdentities
optional - undefinedThe list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
kind
optional - stringIndicates the type of database account. This can only be set at database account creation.
location
optional - stringThe location of the resource group to which the resource belongs.
name
required - stringCosmos DB database account name.
properties
requiredanalyticalStorageConfiguration
optionalschemaType
optional - string
apiProperties
optionalserverVersion
optional - stringDescribes the ServerVersion of an a MongoDB account.
backupPolicy
optionalmigrationState
optionalstartTime
optional - stringTime at which the backup policy migration started (ISO-8601 format).
status
optional - stringDescribes the status of migration between backup policy types.
targetType
optional - stringDescribes the target backup policy type of the backup policy migration.
capabilities
optional arrayname
optional - stringName of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin".
capacity
optionaltotalThroughputLimit
optional - integerThe total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput.
connectorOffer
optional - stringThe cassandra connector offer type for the Cosmos DB database C* account.
consistencyPolicy
optionaldefaultConsistencyLevel
required - stringThe default consistency level and configuration settings of the Cosmos DB account.
maxIntervalInSeconds
optional - integerWhen used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'.
maxStalenessPrefix
optional - integerWhen used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'.
cors
optional arrayallowedHeaders
optional - stringThe request headers that the origin domain may specify on the CORS request.
allowedMethods
optional - stringThe methods (HTTP request verbs) that the origin domain may use for a CORS request.
allowedOrigins
required - stringThe origin domains that are permitted to make a request against the service via CORS.
exposedHeaders
optional - stringThe response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.
maxAgeInSeconds
optional - integerThe maximum amount time that a browser should cache the preflight OPTIONS request.
createMode
optional - stringEnum to indicate the mode of account creation.
databaseAccountOfferType
required - stringThe offer type for the database
defaultIdentity
optional - stringThe default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more.
disableKeyBasedMetadataWriteAccess
optional - booleanDisable write operations on metadata resources (databases, containers, throughput) via account keys
disableLocalAuth
optional - booleanOpt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication.
enableAnalyticalStorage
optional - booleanFlag to indicate whether to enable storage analytics.
enableAutomaticFailover
optional - booleanEnables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account.
enableCassandraConnector
optional - booleanEnables the cassandra connector on the Cosmos DB C* account
enableFreeTier
optional - booleanFlag to indicate whether Free Tier is enabled.
enableMultipleWriteLocations
optional - booleanEnables the account to write in multiple locations
ipRules
optional arrayipAddressOrRange
optional - stringA single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”.
isVirtualNetworkFilterEnabled
optional - booleanFlag to indicate whether to enable/disable Virtual Network ACL rules.
keyVaultKeyUri
optional - stringThe URI of the key vault
locations
required arrayfailoverPriority
optional - integerThe failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists.
isZoneRedundant
optional - booleanFlag to indicate whether or not this region is an AvailabilityZone region
locationName
optional - stringThe name of the region.
provisioningState
optional - stringThe status of the Cosmos DB account at the time the operation was called. The status can be one of following. 'Creating' – the Cosmos DB account is being created. When an account is in Creating state, only properties that are specified as input for the Create Cosmos DB account operation are returned. 'Succeeded' – the Cosmos DB account is active for use. 'Updating' – the Cosmos DB account is being updated. 'Deleting' – the Cosmos DB account is being deleted. 'Failed' – the Cosmos DB account failed creation. 'DeletionFailed' – the Cosmos DB account deletion failed.
networkAclBypass
optional - stringIndicates what services are allowed to bypass firewall checks.
networkAclBypassResourceIds
optional - arrayAn array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account.
publicNetworkAccess
optional - stringWhether requests from Public Network are allowed.
restoreParameters
optionaldatabasesToRestore
optional arraycollectionNames
optional - arrayThe names of the collections available for restore.
databaseName
optional - stringThe name of the database available for restore.
restoreMode
optional - stringDescribes the mode of the restore.
restoreSource
optional - stringThe id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName}
restoreTimestampInUtc
optional - stringTime to which the account has to be restored (ISO-8601 format).
virtualNetworkRules
optional arrayid
optional - stringResource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}.
ignoreMissingVNetServiceEndpoint
optional - booleanCreate firewall rule before the virtual network has vnet service endpoint enabled.
tags
optional - stringTags are a list of key-value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater than 128 characters and value no greater than 256 characters. For example, the default experience for a template type is set with "defaultExperience": "Cassandra". Current "defaultExperience" values also include "Table", "Graph", "DocumentDB", and "MongoDB".
type
required - string
Frequently asked questions
What is Azure CosmosDB (DocumentDB) Account?
Azure CosmosDB (DocumentDB) Account is a resource for CosmosDB (DocumentDB) of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure CosmosDB (DocumentDB) Account?
For Terraform, the gilyas/infracost, gilyas/infracost and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the HasanIftakher/Azure-Monitor, tulpy/Azure and gaelor/SentinelAsCode source code examples are useful. See the Azure Resource Manager Example section for further details.