Azure CosmosDB (DocumentDB) Account

This page shows how to write Terraform and Azure Resource Manager for CosmosDB (DocumentDB) Account and write them securely.

azurerm_cosmosdb_account (Terraform)

The Account in CosmosDB (DocumentDB) can be configured in Terraform with the resource name azurerm_cosmosdb_account. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

cosmosdb_sql_database_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb_cassandra_keyspace_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb_gremlin_database_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb_mongo_database_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb_table_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb_sql_container_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb_gremlin_graph_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true
cosmosdb.tf#L13
resource "azurerm_cosmosdb_account" "cosmosdbaccount" {
  name                = "cosmosdbaccount-tf"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  offer_type = "Standard"
cosmos.tf#L1
resource "azurerm_cosmosdb_account" "bot-cosmos-db" {
  name                = "organization-workflows-bot"
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.rg.name
  offer_type          = "Standard"
  kind                = "MongoDB"
cosmosdb_mongo_collection_test.tf#L11
resource "azurerm_cosmosdb_account" "example" {
  name                       = "tfex-cosmosdb-account"
  resource_group_name        = azurerm_resource_group.example.name
  location                   = azurerm_resource_group.example.location
  offer_type                 = "Standard"
  analytical_storage_enabled = true

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages a CosmosDB (formally DocumentDB) Account.

Microsoft.DocumentDB/databaseAccounts (Azure Resource Manager)

The databaseAccounts in Microsoft.DocumentDB can be configured in Azure Resource Manager with the resource name Microsoft.DocumentDB/databaseAccounts. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
AzureInventory.json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
        "workbookName": {
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",

Parameters

  • apiVersion required - string
  • identity optional
      • type optional - string

        The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service.

      • userAssignedIdentities optional - undefined

        The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

  • kind optional - string

    Indicates the type of database account. This can only be set at database account creation.

  • location optional - string

    The location of the resource group to which the resource belongs.

  • name required - string

    Cosmos DB database account name.

  • properties required
      • analyticalStorageConfiguration optional
          • schemaType optional - string
      • apiProperties optional
          • serverVersion optional - string

            Describes the ServerVersion of an a MongoDB account.

      • backupPolicy optional
          • migrationState optional
              • startTime optional - string

                Time at which the backup policy migration started (ISO-8601 format).

              • status optional - string

                Describes the status of migration between backup policy types.

              • targetType optional - string

                Describes the target backup policy type of the backup policy migration.

      • capabilities optional array
          • name optional - string

            Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin".

      • capacity optional
          • totalThroughputLimit optional - integer

            The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput.

      • connectorOffer optional - string

        The cassandra connector offer type for the Cosmos DB database C* account.

      • consistencyPolicy optional
          • defaultConsistencyLevel required - string

            The default consistency level and configuration settings of the Cosmos DB account.

          • maxIntervalInSeconds optional - integer

            When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'.

          • maxStalenessPrefix optional - integer

            When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'.

      • cors optional array
          • allowedHeaders optional - string

            The request headers that the origin domain may specify on the CORS request.

          • allowedMethods optional - string

            The methods (HTTP request verbs) that the origin domain may use for a CORS request.

          • allowedOrigins required - string

            The origin domains that are permitted to make a request against the service via CORS.

          • exposedHeaders optional - string

            The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer.

          • maxAgeInSeconds optional - integer

            The maximum amount time that a browser should cache the preflight OPTIONS request.

      • createMode optional - string

        Enum to indicate the mode of account creation.

      • databaseAccountOfferType required - string

        The offer type for the database

      • defaultIdentity optional - string

        The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more.

      • disableKeyBasedMetadataWriteAccess optional - boolean

        Disable write operations on metadata resources (databases, containers, throughput) via account keys

      • disableLocalAuth optional - boolean

        Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication.

      • enableAnalyticalStorage optional - boolean

        Flag to indicate whether to enable storage analytics.

      • enableAutomaticFailover optional - boolean

        Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account.

      • enableCassandraConnector optional - boolean

        Enables the cassandra connector on the Cosmos DB C* account

      • enableFreeTier optional - boolean

        Flag to indicate whether Free Tier is enabled.

      • enableMultipleWriteLocations optional - boolean

        Enables the account to write in multiple locations

      • ipRules optional array
          • ipAddressOrRange optional - string

            A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”.

      • isVirtualNetworkFilterEnabled optional - boolean

        Flag to indicate whether to enable/disable Virtual Network ACL rules.

      • keyVaultKeyUri optional - string

        The URI of the key vault

      • locations required array
          • failoverPriority optional - integer

            The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists.

          • isZoneRedundant optional - boolean

            Flag to indicate whether or not this region is an AvailabilityZone region

          • locationName optional - string

            The name of the region.

          • provisioningState optional - string

            The status of the Cosmos DB account at the time the operation was called. The status can be one of following. 'Creating' – the Cosmos DB account is being created. When an account is in Creating state, only properties that are specified as input for the Create Cosmos DB account operation are returned. 'Succeeded' – the Cosmos DB account is active for use. 'Updating' – the Cosmos DB account is being updated. 'Deleting' – the Cosmos DB account is being deleted. 'Failed' – the Cosmos DB account failed creation. 'DeletionFailed' – the Cosmos DB account deletion failed.

      • networkAclBypass optional - string

        Indicates what services are allowed to bypass firewall checks.

      • networkAclBypassResourceIds optional - array

        An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account.

      • publicNetworkAccess optional - string

        Whether requests from Public Network are allowed.

      • restoreParameters optional
          • databasesToRestore optional array
              • collectionNames optional - array

                The names of the collections available for restore.

              • databaseName optional - string

                The name of the database available for restore.

          • restoreMode optional - string

            Describes the mode of the restore.

          • restoreSource optional - string

            The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName}

          • restoreTimestampInUtc optional - string

            Time to which the account has to be restored (ISO-8601 format).

      • virtualNetworkRules optional array
          • id optional - string

            Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}.

          • ignoreMissingVNetServiceEndpoint optional - boolean

            Create firewall rule before the virtual network has vnet service endpoint enabled.

  • tags optional - string

    Tags are a list of key-value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater than 128 characters and value no greater than 256 characters. For example, the default experience for a template type is set with "defaultExperience": "Cassandra". Current "defaultExperience" values also include "Table", "Graph", "DocumentDB", and "MongoDB".

  • type required - string

Frequently asked questions

What is Azure CosmosDB (DocumentDB) Account?

Azure CosmosDB (DocumentDB) Account is a resource for CosmosDB (DocumentDB) of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure CosmosDB (DocumentDB) Account?

For Terraform, the gilyas/infracost, gilyas/infracost and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the HasanIftakher/Azure-Monitor, tulpy/Azure and gaelor/SentinelAsCode source code examples are useful. See the Azure Resource Manager Example section for further details.