Skip to content

azurermCosmosdbAccount

Manages a CosmosDB (formally DocumentDB) Account.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
import * as random from "./.gen/providers/random";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm, random.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resource-group",
  }
);
const randomIntegerRi = new random.integer.Integer(this, "ri", {
  max: 99999,
  min: 10000,
});
new azurerm.cosmosdbAccount.CosmosdbAccount(this, "db", {
  capabilities: [
    {
      name: "EnableAggregationPipeline",
    },
    {
      name: "mongoEnableDocLevelTTL",
    },
    {
      name: "MongoDBv3.4",
    },
    {
      name: "EnableMongo",
    },
  ],
  consistency_policy: [
    {
      consistency_level: "BoundedStaleness",
      max_interval_in_seconds: 300,
      max_staleness_prefix: 100000,
    },
  ],
  enable_automatic_failover: true,
  geo_location: [
    {
      failover_priority: 1,
      location: "eastus",
    },
    {
      failover_priority: 0,
      location: "westus",
    },
  ],
  kind: "MongoDB",
  location: azurermResourceGroupExample.location,
  name: `tfex-cosmos-db-\${${randomIntegerRi.result}}`,
  offer_type: "Standard",
  resource_group_name: azurermResourceGroupExample.name,
});

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of the CosmosDB Account. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the resource group in which the CosmosDB Account is created. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • tags - (Optional) A mapping of tags to assign to the resource.

  • offerType - (Required) Specifies the Offer Type to use for this CosmosDB Account; currently, this can only be set to standard.

  • analyticalStorage - (Optional) An analyticalStorage block as defined below.

  • capacity - (Optional) A capacity block as defined below.

  • createMode - (Optional) The creation mode for the CosmosDB Account. Possible values are default and restore. Changing this forces a new resource to be created.

\~> NOTE: createMode only works when backupType is continuous.

  • defaultIdentityType - (Optional) The default identity for accessing Key Vault. Possible values are firstPartyIdentity, systemAssignedIdentity or start with userAssignedIdentity.

  • kind - (Optional) Specifies the Kind of CosmosDB to create - possible values are globalDocumentDb, mongoDb and parse. Defaults to globalDocumentDb. Changing this forces a new resource to be created.

  • consistencyPolicy - (Required) Specifies a consistencyPolicy resource, used to define the consistency policy for this CosmosDB account.

  • geoLocation - (Required) Specifies a geoLocation resource, used to define where data should be replicated with the failoverPriority 0 specifying the primary location. Value is a geoLocation block as defined below.

  • ipRangeFilter - (Optional) CosmosDB Firewall Support: This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs for a given database account. IP addresses/ranges must be comma separated and must not contain any spaces.

\~> NOTE: To enable the "Allow access from the Azure portal" behavior, you should add the IP addresses provided by the documentation to this list.

\~> NOTE: To enable the "Accept connections from within public Azure datacenters" behavior, you should add 0000 to the list, see the documentation for more details.

  • enableFreeTier - (Optional) Enable the Free Tier pricing option for this Cosmos DB account. Defaults to false. Changing this forces a new resource to be created.

  • analyticalStorageEnabled - (Optional) Enable Analytical Storage option for this Cosmos DB account. Defaults to false. Enabling and then disabling analytical storage forces a new resource to be created.

  • enableAutomaticFailover - (Optional) Enable automatic failover for this Cosmos DB account.

  • publicNetworkAccessEnabled - (Optional) Whether or not public network access is allowed for this CosmosDB account. Defaults to true.

  • capabilities - (Optional) The capabilities which should be enabled for this Cosmos DB account. Value is a capabilities block as defined below.

  • isVirtualNetworkFilterEnabled - (Optional) Enables virtual network filtering for this Cosmos DB account.

  • keyVaultKeyId - (Optional) A versionless Key Vault Key ID for CMK encryption. Changing this forces a new resource to be created.

\~> NOTE: When referencing an azurermKeyVaultKey resource, use versionlessId instead of id

\~> NOTE: In order to use a customKey from Key Vault for encryption you must grant Azure Cosmos DB Service access to your key vault. For instructions on how to configure your Key Vault correctly please refer to the product documentation

  • virtualNetworkRule - (Optional) Specifies a virtualNetworkRules resource, used to define which subnets are allowed to access this CosmosDB account.

  • enableMultipleWriteLocations - (Optional) Enable multiple write locations for this Cosmos DB account.

  • accessKeyMetadataWritesEnabled - (Optional) Is write operations on metadata resources (databases, containers, throughput) via account keys enabled? Defaults to true.

  • mongoServerVersion - (Optional) The Server Version of a MongoDB account. Possible values are 42, 40, 36, and 32.

  • networkAclBypassForAzureServices - (Optional) If Azure services can bypass ACLs. Defaults to false.

  • networkAclBypassIds - (Optional) The list of resource Ids for Network Acl Bypass for this Cosmos DB account.

  • localAuthenticationDisabled - (Optional) Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Defaults to false. Can be set only when using the SQL API.

  • backup - (Optional) A backup block as defined below.

  • corsRule - (Optional) A corsRule block as defined below.

  • identity - (Optional) An identity block as defined below.

  • restore - (Optional) A restore block as defined below.

\~> NOTE: restore should be set when createMode is restore.

The consistencyPolicy block Configures the database consistency and supports the following:

  • consistencyLevel - (Required) The Consistency Level to use for this CosmosDB Account - can be either boundedStaleness, eventual, session, strong or consistentPrefix.

  • maxIntervalInSeconds - (Optional) When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. The accepted range for this value is 5 - 86400 (1 day). Defaults to 5. Required when consistencyLevel is set to boundedStaleness.

  • maxStalenessPrefix - (Optional) When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. The accepted range for this value is 102147483647. Defaults to 100. Required when consistencyLevel is set to boundedStaleness.

\~> Note: maxIntervalInSeconds and maxStalenessPrefix can only be set to custom values when consistencyLevel is set to boundedStaleness - otherwise they will return the default values shown above.

The geoLocation block Configures the geographic locations the data is replicated to and supports the following:

  • location - (Required) The name of the Azure region to host replicated data.

  • failoverPriority - (Required) The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. Changing this causes the location to be re-provisioned and cannot be changed for the location with failover priority 0.

  • zoneRedundant - (Optional) Should zone redundancy be enabled for this region? Defaults to false.

A capabilities block Configures the capabilities to be enabled for this Cosmos DB account:

  • name - (Required) The capability to enable - Possible values are allowSelfServeUpgradeToMongo36, disableRateLimitingResponses, enableAggregationPipeline, enableCassandra, enableGremlin, enableMongo, enableMongo16MbDocumentSupport, enableMongoRetryableWrites, enableMongoRoleBasedAccessControl, enableServerless, enableTable, enableUniqueCompoundNestedDocs, mongoDBv34 and mongoEnableDocLevelTtl.

\~> NOTE: Setting mongoDBv34 also requires setting enableMongo.

\~> NOTE: Only allowSelfServeUpgradeToMongo36, disableRateLimitingResponses, enableAggregationPipeline, mongoDBv34, enableMongoRetryableWrites, enableMongoRoleBasedAccessControl, enableUniqueCompoundNestedDocs, enableMongo16MbDocumentSupport and mongoEnableDocLevelTtl can be added to an existing Cosmos DB account.

\~> NOTE: Only disableRateLimitingResponses and enableMongoRetryableWrites can be removed from an existing Cosmos DB account.

The virtualNetworkRule block Configures the virtual network subnets allowed to access this Cosmos DB account and supports the following:

  • id - (Required) The ID of the virtual network subnet.
  • ignoreMissingVnetServiceEndpoint - (Optional) If set to true, the specified subnet will be added as a virtual network rule even if its CosmosDB service endpoint is not active. Defaults to false.

An analyticalStorage block supports the following:

  • schemaType - (Required) The schema type of the Analytical Storage for this Cosmos DB account. Possible values are fullFidelity and wellDefined.

A capacity block supports the following:

  • totalThroughputLimit - (Required) The total throughput limit imposed on this Cosmos DB account (RU/s). Possible values are at least 1. 1 means no limit.

A backup block supports the following:

  • type - (Required) The type of the backup. Possible values are continuous and periodic. Migration of periodic to continuous is one-way, changing continuous to periodic forces a new resource to be created.

  • intervalInMinutes - (Optional) The interval in minutes between two backups. This is configurable only when type is periodic. Possible values are between 60 and 1440.

  • retentionInHours - (Optional) The time in hours that each backup is retained. This is configurable only when type is periodic. Possible values are between 8 and 720.

  • storageRedundancy - (Optional) The storage redundancy is used to indicate the type of backup residency. This is configurable only when type is periodic. Possible values are geo, local and zone.

A corsRule block supports the following:

  • allowedHeaders - (Required) A list of headers that are allowed to be a part of the cross-origin request.

  • allowedMethods - (Required) A list of HTTP headers that are allowed to be executed by the origin. Valid options are delete, get, head, merge, post, options, put or patch.

  • allowedOrigins - (Required) A list of origin domains that will be allowed by CORS.

  • exposedHeaders - (Required) A list of response headers that are exposed to CORS clients.

  • maxAgeInSeconds - (Required) The number of seconds the client should cache a preflight response.

An identity block supports the following:

  • type - (Required) The Type of Managed Identity assigned to this Cosmos account. Possible values are systemAssigned, userAssigned and systemAssigned,UserAssigned.

  • identityIds - (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this Cosmos Account.

A restore block supports the following:

  • sourceCosmosdbAccountId - (Required) The resource ID of the restorable database account from which the restore has to be initiated. The example is /subscriptions/{subscriptionId}/providers/microsoftDocumentDb/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName}. Changing this forces a new resource to be created.

\~> NOTE: Any database account with continuous type (live account or accounts deleted in last 30 days) is a restorable database account and there cannot be Create/Update/Delete operations on the restorable database accounts. They can only be read and retrieved by azurermCosmosdbRestorableDatabaseAccounts.

  • restoreTimestampInUtc - (Required) The creation time of the database or the collection (Datetime Format rfc3339). Changing this forces a new resource to be created.

  • database - (Optional) A database block as defined below. Changing this forces a new resource to be created.

A database block supports the following:

  • name - (Required) The database name for the restore request. Changing this forces a new resource to be created.

  • collectionNames - (Optional) A list of the collection names for the restore request. Changing this forces a new resource to be created.

Attributes Reference

The following attributes are exported:

  • id - The CosmosDB Account ID.

  • endpoint - The endpoint used to connect to the CosmosDB account.

  • readEndpoints - A list of read endpoints available for this CosmosDB account.

  • writeEndpoints - A list of write endpoints available for this CosmosDB account.

  • primaryKey - The Primary key for the CosmosDB Account.

  • secondaryKey - The Secondary key for the CosmosDB Account.

  • primaryReadonlyKey - The Primary read-only Key for the CosmosDB Account.

  • secondaryReadonlyKey - The Secondary read-only key for the CosmosDB Account.

  • connectionStrings - A list of connection strings available for this CosmosDB account.

An identity block exports the following:

  • principalId - The Principal ID associated with this Managed Service Identity.

  • tenantId - The Tenant ID associated with this Managed Service Identity.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 180 minutes) Used when creating the CosmosDB Account.
  • update - (Defaults to 180 minutes) Used when updating the CosmosDB Account.
  • read - (Defaults to 5 minutes) Used when retrieving the CosmosDB Account.
  • delete - (Defaults to 180 minutes) Used when deleting the CosmosDB Account.

Import

CosmosDB Accounts can be imported using the resourceId, e.g.

terraform import azurerm_cosmosdb_account.account1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.DocumentDB/databaseAccounts/account1