Microsoft.DocumentDB databaseAccounts 2022-11-15

Bicep resource definition

The databaseAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.DocumentDB/databaseAccounts@2022-11-15' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    analyticalStorageConfiguration: {
      schemaType: 'string'
    }
    apiProperties: {
      serverVersion: 'string'
    }
    backupPolicy: {
      migrationState: {
        startTime: 'string'
        status: 'string'
        targetType: 'string'
      }
      type: 'string'
      // For remaining properties, see BackupPolicy objects
    }
    capabilities: [
      {
        name: 'string'
      }
    ]
    capacity: {
      totalThroughputLimit: int
    }
    connectorOffer: 'string'
    consistencyPolicy: {
      defaultConsistencyLevel: 'string'
      maxIntervalInSeconds: int
      maxStalenessPrefix: int
    }
    cors: [
      {
        allowedHeaders: 'string'
        allowedMethods: 'string'
        allowedOrigins: 'string'
        exposedHeaders: 'string'
        maxAgeInSeconds: int
      }
    ]
    createMode: 'string'
    databaseAccountOfferType: 'Standard'
    defaultIdentity: 'string'
    disableKeyBasedMetadataWriteAccess: bool
    disableLocalAuth: bool
    enableAnalyticalStorage: bool
    enableAutomaticFailover: bool
    enableCassandraConnector: bool
    enableFreeTier: bool
    enableMultipleWriteLocations: bool
    enablePartitionMerge: bool
    ipRules: [
      {
        ipAddressOrRange: 'string'
      }
    ]
    isVirtualNetworkFilterEnabled: bool
    keyVaultKeyUri: 'string'
    locations: [
      {
        failoverPriority: int
        isZoneRedundant: bool
        locationName: 'string'
      }
    ]
    minimalTlsVersion: 'string'
    networkAclBypass: 'string'
    networkAclBypassResourceIds: [
      'string'
    ]
    publicNetworkAccess: 'string'
    restoreParameters: {
      databasesToRestore: [
        {
          collectionNames: [
            'string'
          ]
          databaseName: 'string'
        }
      ]
      gremlinDatabasesToRestore: [
        {
          databaseName: 'string'
          graphNames: [
            'string'
          ]
        }
      ]
      restoreMode: 'string'
      restoreSource: 'string'
      restoreTimestampInUtc: 'string'
      tablesToRestore: [
        'string'
      ]
    }
    virtualNetworkRules: [
      {
        id: 'string'
        ignoreMissingVNetServiceEndpoint: bool
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}

BackupPolicy objects

Set the type property to specify the type of object.

For Continuous, use:

{
  type: 'Continuous'
}

For Periodic, use:

{
  periodicModeProperties: {
    backupIntervalInMinutes: int
    backupRetentionIntervalInHours: int
    backupStorageRedundancy: 'string'
  }
  type: 'Periodic'
}

Property values

AnalyticalStorageConfiguration

Name Description Value
schemaType Describes the types of schema for analytical storage. 'FullFidelity', 'WellDefined'

ApiProperties

Name Description Value
serverVersion Describes the ServerVersion of a MongoDB account. '3.2', '3.6', '4.0', '4.2'

BackupPolicy

Name Description Value
migrationState The object representing the state of the migration between the backup policies. BackupPolicyMigrationState
type Set to 'Continuous' for type ContinuousModeBackupPolicy. Set to 'Periodic' for type PeriodicModeBackupPolicy. 'Continuous', 'Periodic' (required)

BackupPolicyMigrationState

Name Description Value
startTime Time at which the backup policy migration started (ISO-8601 format). string
status Describes the status of migration between backup policy types. 'Completed', 'Failed', 'InProgress', 'Invalid'
targetType Describes the target backup policy type of the backup policy migration. 'Continuous', 'Periodic'

Capability

Name Description Value
name Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". string

Capacity

Name Description Value
totalThroughputLimit The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. int (Constraints: Min value = -1)

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

ConsistencyPolicy

Name Description Value
defaultConsistencyLevel The default consistency level and configuration settings of the Cosmos DB account. 'BoundedStaleness', 'ConsistentPrefix', 'Eventual', 'Session', 'Strong' (required)
maxIntervalInSeconds When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. int (Constraints: Min value = 5, Max value = 86400)
maxStalenessPrefix When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. int (Constraints: Min value = 1, Max value = 2147483647)

ContinuousModeBackupPolicy

Name Description Value
type Describes the mode of backups. 'Continuous' (required)

CorsPolicy

Name Description Value
allowedHeaders The request headers that the origin domain may specify on the CORS request. string
allowedMethods The methods (HTTP request verbs) that the origin domain may use for a CORS request. string
allowedOrigins The origin domains that are permitted to make a request against the service via CORS. string (required)
exposedHeaders The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. string
maxAgeInSeconds The maximum amount of time that a browser should cache the preflight OPTIONS request. int (Constraints: Min value = 1, Max value = 2147483647)

DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties

Name Description Value
analyticalStorageConfiguration Analytical storage specific properties. AnalyticalStorageConfiguration
apiProperties API specific properties. Currently, supported only for MongoDB API. ApiProperties
backupPolicy The object representing the policy for taking backups on an account. BackupPolicy
capabilities List of Cosmos DB capabilities for the account Capability[]
capacity The object that represents all properties related to capacity enforcement on an account. Capacity
connectorOffer The cassandra connector offer type for the Cosmos DB database C* account. 'Small'
consistencyPolicy The consistency policy for the Cosmos DB account. ConsistencyPolicy
cors The CORS policy for the Cosmos DB database account. CorsPolicy[]
createMode Enum to indicate the mode of account creation. 'Default', 'Restore'
databaseAccountOfferType The offer type for the database 'Standard' (required)
defaultIdentity The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. string
disableKeyBasedMetadataWriteAccess Disable write operations on metadata resources (databases, containers, throughput) via account keys bool
disableLocalAuth Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. bool
enableAnalyticalStorage Flag to indicate whether to enable storage analytics. bool
enableAutomaticFailover Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. bool
enableCassandraConnector Enables the cassandra connector on the Cosmos DB C* account bool
enableFreeTier Flag to indicate whether Free Tier is enabled. bool
enableMultipleWriteLocations Enables the account to write in multiple locations bool
enablePartitionMerge Flag to indicate enabling/disabling of Partition Merge feature on the account bool
ipRules List of IpRules. IpAddressOrRange[]
isVirtualNetworkFilterEnabled Flag to indicate whether to enable/disable Virtual Network ACL rules. bool
keyVaultKeyUri The URI of the key vault string
locations An array that contains the georeplication locations enabled for the Cosmos DB account. Location[] (required)
minimalTlsVersion Indicates the minimum allowed TLS version. The default is TLS 1.0, except for Cassandra and Mongo APIs, which only work with TLS 1.2. 'Tls', 'Tls11', 'Tls12'
networkAclBypass Indicates what services are allowed to bypass firewall checks. 'AzureServices', 'None'
networkAclBypassResourceIds An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. string[]
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled', 'Enabled'
restoreParameters Parameters to indicate the information about the restore. RestoreParameters
virtualNetworkRules List of Virtual Network ACL rules configured for the Cosmos DB account. VirtualNetworkRule[]

DatabaseRestoreResource

Name Description Value
collectionNames The names of the collections available for restore. string[]
databaseName The name of the database available for restore. string

GremlinDatabaseRestoreResource

Name Description Value
databaseName The name of the gremlin database available for restore. string
graphNames The names of the graphs available for restore. string[]

IpAddressOrRange

Name Description Value
ipAddressOrRange A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. string

Location

Name Description Value
failoverPriority The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. int (Constraints: Min value = 0)
isZoneRedundant Flag to indicate whether or not this region is an AvailabilityZone region bool
locationName The name of the region. string

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. 'None', 'SystemAssigned', 'SystemAssigned,UserAssigned', 'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.DocumentDB/databaseAccounts

Name Description Value
identity Identity for the resource. ManagedServiceIdentity
kind Indicates the type of database account. This can only be set at database account creation. 'GlobalDocumentDB', 'MongoDB', 'Parse'
location The location of the resource group to which the resource belongs. string
name The resource name string (Constraints: Min length = 3, Max length = 3, Pattern = ^[a-z0-9]+(-[a-z0-9]+)*) (required)
properties Properties to create and update Azure Cosmos DB database accounts. DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates

PeriodicModeBackupPolicy

Name Description Value
periodicModeProperties Configuration values for periodic mode backup PeriodicModeProperties
type Describes the mode of backups. 'Periodic' (required)

PeriodicModeProperties

Name Description Value
backupIntervalInMinutes An integer representing the interval in minutes between two backups int (Constraints: Min value = 0)
backupRetentionIntervalInHours An integer representing the time (in hours) that each backup is retained int (Constraints: Min value = 0)
backupStorageRedundancy Enum to indicate type of backup residency 'Geo', 'Local', 'Zone'

RestoreParameters

Name Description Value
databasesToRestore List of specific databases available for restore. DatabaseRestoreResource[]
gremlinDatabasesToRestore List of specific gremlin databases available for restore. GremlinDatabaseRestoreResource[]
restoreMode Describes the mode of the restore. 'PointInTime'
restoreSource The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} string
restoreTimestampInUtc Time to which the account has to be restored (ISO-8601 format). string
tablesToRestore List of specific tables available for restore. string[]

Tags

Name Description Value

VirtualNetworkRule

Name Description Value
id Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. string
ignoreMissingVNetServiceEndpoint Create firewall rule before the virtual network has vnet service endpoint enabled. bool

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Azure Cosmos DB account SQL API with analytical store This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store.
Azure Cosmos DB Account with Web App This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings.
Create a Cosmos DB account with Microsoft Defender enabled Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders.
Create a free-tier Azure Cosmos DB account This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container.
Create a minimal Azure Cosmos DB account for Core (SQL) API This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties.
Create a Serverless Azure Cosmos DB account for SQL API This template creates a serverless Azure Cosmos DB account for the Core (SQL) API.
Create a zero touch Azure Cosmos account and Azure Web App This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub.
Create an Azure Cosmos account for MongoDB API This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections.
Create an Azure Cosmos account for MongoDB API autoscale This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput.
Create an Azure Cosmos account for Table API This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput.
Create an Azure Cosmos account for Table API with autoscale This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput.
Create an Azure Cosmos DB account for Cassandra API This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput.
Create an Azure Cosmos DB account for Core (SQL) API This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options.
Create an Azure Cosmos DB account for Gremlin API This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput.
Create an Azure Cosmos DB account for Gremlin API autoscale This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput.
Create an Azure Cosmos DB account in multiple regions This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type.
Create an Azure Cosmos DB account SQL API with autoscale This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options.
Create an Azure Cosmos DB Account with a private endpoint This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network.
Create an Azure Cosmos DB SQL Account with data plane RBAC This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity.
Create an Azure CosmosDB Account This ARM template is intended to create a CosmosDB Account quickly with the minimal required values.
Create autoscale Azure Cosmos DB account for Cassandra API This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput.
Create Azure Cosmos DB Core (SQL) API stored procedures This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function.
Creates a Dapr microservices app using Container Apps Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps Create a Dapr pub-sub servicebus app using Container Apps.
Deploy Azure Data Explorer DB with Cosmos DB connection Deploy Azure Data Explorer DB with Cosmos DB connection.

ARM template resource definition

The databaseAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JSON to your template.

{
  "type": "Microsoft.DocumentDB/databaseAccounts",
  "apiVersion": "2022-11-15",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "analyticalStorageConfiguration": {
      "schemaType": "string"
    },
    "apiProperties": {
      "serverVersion": "string"
    },
    "backupPolicy": {
      "migrationState": {
        "startTime": "string",
        "status": "string",
        "targetType": "string"
      },
      "type": "string"
      // For remaining properties, see BackupPolicy objects
    },
    "capabilities": [
      {
        "name": "string"
      }
    ],
    "capacity": {
      "totalThroughputLimit": "int"
    },
    "connectorOffer": "string",
    "consistencyPolicy": {
      "defaultConsistencyLevel": "string",
      "maxIntervalInSeconds": "int",
      "maxStalenessPrefix": "int"
    },
    "cors": [
      {
        "allowedHeaders": "string",
        "allowedMethods": "string",
        "allowedOrigins": "string",
        "exposedHeaders": "string",
        "maxAgeInSeconds": "int"
      }
    ],
    "createMode": "string",
    "databaseAccountOfferType": "Standard",
    "defaultIdentity": "string",
    "disableKeyBasedMetadataWriteAccess": "bool",
    "disableLocalAuth": "bool",
    "enableAnalyticalStorage": "bool",
    "enableAutomaticFailover": "bool",
    "enableCassandraConnector": "bool",
    "enableFreeTier": "bool",
    "enableMultipleWriteLocations": "bool",
    "enablePartitionMerge": "bool",
    "ipRules": [
      {
        "ipAddressOrRange": "string"
      }
    ],
    "isVirtualNetworkFilterEnabled": "bool",
    "keyVaultKeyUri": "string",
    "locations": [
      {
        "failoverPriority": "int",
        "isZoneRedundant": "bool",
        "locationName": "string"
      }
    ],
    "minimalTlsVersion": "string",
    "networkAclBypass": "string",
    "networkAclBypassResourceIds": [ "string" ],
    "publicNetworkAccess": "string",
    "restoreParameters": {
      "databasesToRestore": [
        {
          "collectionNames": [ "string" ],
          "databaseName": "string"
        }
      ],
      "gremlinDatabasesToRestore": [
        {
          "databaseName": "string",
          "graphNames": [ "string" ]
        }
      ],
      "restoreMode": "string",
      "restoreSource": "string",
      "restoreTimestampInUtc": "string",
      "tablesToRestore": [ "string" ]
    },
    "virtualNetworkRules": [
      {
        "id": "string",
        "ignoreMissingVNetServiceEndpoint": "bool"
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}

BackupPolicy objects

Set the type property to specify the type of object.

For Continuous, use:

{
  "type": "Continuous"
}

For Periodic, use:

{
  "periodicModeProperties": {
    "backupIntervalInMinutes": "int",
    "backupRetentionIntervalInHours": "int",
    "backupStorageRedundancy": "string"
  },
  "type": "Periodic"
}

Property values

AnalyticalStorageConfiguration

Name Description Value
schemaType Describes the types of schema for analytical storage. 'FullFidelity', 'WellDefined'

ApiProperties

Name Description Value
serverVersion Describes the ServerVersion of a MongoDB account. '3.2', '3.6', '4.0', '4.2'

BackupPolicy

Name Description Value
migrationState The object representing the state of the migration between the backup policies. BackupPolicyMigrationState
type Set to 'Continuous' for type ContinuousModeBackupPolicy. Set to 'Periodic' for type PeriodicModeBackupPolicy. 'Continuous', 'Periodic' (required)

BackupPolicyMigrationState

Name Description Value
startTime Time at which the backup policy migration started (ISO-8601 format). string
status Describes the status of migration between backup policy types. 'Completed', 'Failed', 'InProgress', 'Invalid'
targetType Describes the target backup policy type of the backup policy migration. 'Continuous', 'Periodic'

Capability

Name Description Value
name Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". string

Capacity

Name Description Value
totalThroughputLimit The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. int (Constraints: Min value = -1)

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

ConsistencyPolicy

Name Description Value
defaultConsistencyLevel The default consistency level and configuration settings of the Cosmos DB account. 'BoundedStaleness', 'ConsistentPrefix', 'Eventual', 'Session', 'Strong' (required)
maxIntervalInSeconds When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. int (Constraints: Min value = 5, Max value = 86400)
maxStalenessPrefix When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. int (Constraints: Min value = 1, Max value = 2147483647)

ContinuousModeBackupPolicy

Name Description Value
type Describes the mode of backups. 'Continuous' (required)

CorsPolicy

Name Description Value
allowedHeaders The request headers that the origin domain may specify on the CORS request. string
allowedMethods The methods (HTTP request verbs) that the origin domain may use for a CORS request. string
allowedOrigins The origin domains that are permitted to make a request against the service via CORS. string (required)
exposedHeaders The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. string
maxAgeInSeconds The maximum amount of time that a browser should cache the preflight OPTIONS request. int (Constraints: Min value = 1, Max value = 2147483647)

DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties

Name Description Value
analyticalStorageConfiguration Analytical storage specific properties. AnalyticalStorageConfiguration
apiProperties API specific properties. Currently, supported only for MongoDB API. ApiProperties
backupPolicy The object representing the policy for taking backups on an account. BackupPolicy
capabilities List of Cosmos DB capabilities for the account Capability[]
capacity The object that represents all properties related to capacity enforcement on an account. Capacity
connectorOffer The cassandra connector offer type for the Cosmos DB database C* account. 'Small'
consistencyPolicy The consistency policy for the Cosmos DB account. ConsistencyPolicy
cors The CORS policy for the Cosmos DB database account. CorsPolicy[]
createMode Enum to indicate the mode of account creation. 'Default', 'Restore'
databaseAccountOfferType The offer type for the database 'Standard' (required)
defaultIdentity The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. string
disableKeyBasedMetadataWriteAccess Disable write operations on metadata resources (databases, containers, throughput) via account keys bool
disableLocalAuth Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. bool
enableAnalyticalStorage Flag to indicate whether to enable storage analytics. bool
enableAutomaticFailover Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. bool
enableCassandraConnector Enables the cassandra connector on the Cosmos DB C* account bool
enableFreeTier Flag to indicate whether Free Tier is enabled. bool
enableMultipleWriteLocations Enables the account to write in multiple locations bool
enablePartitionMerge Flag to indicate enabling/disabling of Partition Merge feature on the account bool
ipRules List of IpRules. IpAddressOrRange[]
isVirtualNetworkFilterEnabled Flag to indicate whether to enable/disable Virtual Network ACL rules. bool
keyVaultKeyUri The URI of the key vault string
locations An array that contains the georeplication locations enabled for the Cosmos DB account. Location[] (required)
minimalTlsVersion Indicates the minimum allowed TLS version. The default is TLS 1.0, except for Cassandra and Mongo APIs, which only work with TLS 1.2. 'Tls', 'Tls11', 'Tls12'
networkAclBypass Indicates what services are allowed to bypass firewall checks. 'AzureServices', 'None'
networkAclBypassResourceIds An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. string[]
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled', 'Enabled'
restoreParameters Parameters to indicate the information about the restore. RestoreParameters
virtualNetworkRules List of Virtual Network ACL rules configured for the Cosmos DB account. VirtualNetworkRule[]

DatabaseRestoreResource

Name Description Value
collectionNames The names of the collections available for restore. string[]
databaseName The name of the database available for restore. string

GremlinDatabaseRestoreResource

Name Description Value
databaseName The name of the gremlin database available for restore. string
graphNames The names of the graphs available for restore. string[]

IpAddressOrRange

Name Description Value
ipAddressOrRange A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. string

Location

Name Description Value
failoverPriority The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. int (Constraints: Min value = 0)
isZoneRedundant Flag to indicate whether or not this region is an AvailabilityZone region bool
locationName The name of the region. string

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. 'None', 'SystemAssigned', 'SystemAssigned,UserAssigned', 'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.DocumentDB/databaseAccounts

Name Description Value
apiVersion The api version '2022-11-15'
identity Identity for the resource. ManagedServiceIdentity
kind Indicates the type of database account. This can only be set at database account creation. 'GlobalDocumentDB', 'MongoDB', 'Parse'
location The location of the resource group to which the resource belongs. string
name The resource name string (Constraints: Min length = 3, Max length = 3, Pattern = ^[a-z0-9]+(-[a-z0-9]+)*) (required)
properties Properties to create and update Azure Cosmos DB database accounts. DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.DocumentDB/databaseAccounts'

PeriodicModeBackupPolicy

Name Description Value
periodicModeProperties Configuration values for periodic mode backup PeriodicModeProperties
type Describes the mode of backups. 'Periodic' (required)

PeriodicModeProperties

Name Description Value
backupIntervalInMinutes An integer representing the interval in minutes between two backups int

Constraints:
Min value = 0
backupRetentionIntervalInHours An integer representing the time (in hours) that each backup is retained int

Constraints:
Min value = 0
backupStorageRedundancy Enum to indicate type of backup residency 'Geo'
'Local'
'Zone'

RestoreParameters

Name Description Value
databasesToRestore List of specific databases available for restore. DatabaseRestoreResource[]
gremlinDatabasesToRestore List of specific gremlin databases available for restore. GremlinDatabaseRestoreResource[]
restoreMode Describes the mode of the restore. 'PointInTime'
restoreSource The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} string
restoreTimestampInUtc Time to which the account has to be restored (ISO-8601 format). string
tablesToRestore List of specific tables available for restore. string[]

Tags

Name Description Value

VirtualNetworkRule

Name Description Value
id Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. string
ignoreMissingVNetServiceEndpoint Create firewall rule before the virtual network has vnet service endpoint enabled. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Azure Cosmos DB account SQL API with analytical store

This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store.
Azure Cosmos DB Account with Web App

This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings.
CI/CD using Jenkins on Azure Container Service (AKS)

Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment.
Create a Cosmos DB account with Microsoft Defender enabled

Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders.
Create a free-tier Azure Cosmos DB account

This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container.
Create a minimal Azure Cosmos DB account for Core (SQL) API

This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties.
Create a Serverless Azure Cosmos DB account for SQL API

This template creates a serverless Azure Cosmos DB account for the Core (SQL) API.
Create a zero touch Azure Cosmos account and Azure Web App

This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub.
Create an Azure Cosmos account for MongoDB API

This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections.
Create an Azure Cosmos account for MongoDB API autoscale

This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput.
Create an Azure Cosmos account for Table API

This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput.
Create an Azure Cosmos account for Table API with autoscale

This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput.
Create an Azure Cosmos DB account for Cassandra API

This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput.
Create an Azure Cosmos DB account for Core (SQL) API

This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options.
Create an Azure Cosmos DB account for Gremlin API

This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput.
Create an Azure Cosmos DB account for Gremlin API autoscale

This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput.
Create an Azure Cosmos DB account in multiple regions

This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type.
Create an Azure Cosmos DB account SQL API with autoscale

This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options.
Create an Azure Cosmos DB Account with a private endpoint

This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network.
Create an Azure Cosmos DB SQL Account with data plane RBAC

This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity.
Create an Azure CosmosDB Account

This ARM template is intended to create a CosmosDB Account quickly with the minimal required values.
Create autoscale Azure Cosmos DB account for Cassandra API

This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput.
Create Azure Cosmos DB Core (SQL) API stored procedures

This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function.
Create Azure Cosmos with SQL API and multiple containers

The template creates a Cosmos container with a SQL API and allows adding multiple containers.
Creates a Dapr microservices app using Container Apps

Create a Dapr microservices app using Container Apps.
Creates a Dapr pub-sub servicebus app using Container Apps

Create a Dapr pub-sub servicebus app using Container Apps.
Deploy Azure Data Explorer DB with Cosmos DB connection

Deploy Azure Data Explorer DB with Cosmos DB connection.
Web App with a SQL Database, Azure Cosmos DB, Azure Search

This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights.

Terraform (AzAPI provider) resource definition

The databaseAccounts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.DocumentDB/databaseAccounts@2022-11-15"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  kind = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      analyticalStorageConfiguration = {
        schemaType = "string"
      }
      apiProperties = {
        serverVersion = "string"
      }
      backupPolicy = {
        migrationState = {
          startTime = "string"
          status = "string"
          targetType = "string"
        }
        type = "string"
        // For remaining properties, see BackupPolicy objects
      }
      capabilities = [
        {
          name = "string"
        }
      ]
      capacity = {
        totalThroughputLimit = int
      }
      connectorOffer = "string"
      consistencyPolicy = {
        defaultConsistencyLevel = "string"
        maxIntervalInSeconds = int
        maxStalenessPrefix = int
      }
      cors = [
        {
          allowedHeaders = "string"
          allowedMethods = "string"
          allowedOrigins = "string"
          exposedHeaders = "string"
          maxAgeInSeconds = int
        }
      ]
      createMode = "string"
      databaseAccountOfferType = "Standard"
      defaultIdentity = "string"
      disableKeyBasedMetadataWriteAccess = bool
      disableLocalAuth = bool
      enableAnalyticalStorage = bool
      enableAutomaticFailover = bool
      enableCassandraConnector = bool
      enableFreeTier = bool
      enableMultipleWriteLocations = bool
      enablePartitionMerge = bool
      ipRules = [
        {
          ipAddressOrRange = "string"
        }
      ]
      isVirtualNetworkFilterEnabled = bool
      keyVaultKeyUri = "string"
      locations = [
        {
          failoverPriority = int
          isZoneRedundant = bool
          locationName = "string"
        }
      ]
      minimalTlsVersion = "string"
      networkAclBypass = "string"
      networkAclBypassResourceIds = [
        "string"
      ]
      publicNetworkAccess = "string"
      restoreParameters = {
        databasesToRestore = [
          {
            collectionNames = [
              "string"
            ]
            databaseName = "string"
          }
        ]
        gremlinDatabasesToRestore = [
          {
            databaseName = "string"
            graphNames = [
              "string"
            ]
          }
        ]
        restoreMode = "string"
        restoreSource = "string"
        restoreTimestampInUtc = "string"
        tablesToRestore = [
          "string"
        ]
      }
      virtualNetworkRules = [
        {
          id = "string"
          ignoreMissingVNetServiceEndpoint = bool
        }
      ]
    }
  })
}

BackupPolicy objects

Set the type property to specify the type of object.

For Continuous, use:

{
  type = "Continuous"
}

For Periodic, use:

{
  periodicModeProperties = {
    backupIntervalInMinutes = int
    backupRetentionIntervalInHours = int
    backupStorageRedundancy = "string"
  }
  type = "Periodic"
}

Property values

AnalyticalStorageConfiguration

Name Description Value
schemaType Describes the types of schema for analytical storage. 'FullFidelity'
'WellDefined'

ApiProperties

Name Description Value
serverVersion Describes the ServerVersion of a MongoDB account. '3.2'
'3.6'
'4.0'
'4.2'

BackupPolicy

Name Description Value
migrationState The object representing the state of the migration between the backup policies. BackupPolicyMigrationState
type Set to 'Continuous' for type ContinuousModeBackupPolicy. Set to 'Periodic' for type PeriodicModeBackupPolicy. 'Continuous'
'Periodic' (required)

BackupPolicyMigrationState

Name Description Value
startTime Time at which the backup policy migration started (ISO-8601 format). string
status Describes the status of migration between backup policy types. 'Completed'
'Failed'
'InProgress'
'Invalid'
targetType Describes the target backup policy type of the backup policy migration. 'Continuous'
'Periodic'

Capability

Name Description Value
name Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". string

Capacity

Name Description Value
totalThroughputLimit The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit: the maximum throughput that can be provisioned on that account is 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. int

Constraints:
Min value = -1

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name Description Value

ConsistencyPolicy

Name Description Value
defaultConsistencyLevel The default consistency level and configuration settings of the Cosmos DB account. 'BoundedStaleness'
'ConsistentPrefix'
'Eventual'
'Session'
'Strong' (required)
maxIntervalInSeconds When used with the Bounded Staleness consistency level, this value represents the amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyLevel is set to 'BoundedStaleness'. int

Constraints:
Min value = 5
Max value = 86400
maxStalenessPrefix When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyLevel is set to 'BoundedStaleness'. int

Constraints:
Min value = 1
Max value = 2147483647

ContinuousModeBackupPolicy

Name Description Value
type Describes the mode of backups. 'Continuous' (required)

CorsPolicy

Name Description Value
allowedHeaders The request headers that the origin domain may specify on the CORS request. string
allowedMethods The methods (HTTP request verbs) that the origin domain may use for a CORS request. string
allowedOrigins The origin domains that are permitted to make a request against the service via CORS. string (required)
exposedHeaders The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. string
maxAgeInSeconds The maximum amount of time that a browser should cache the preflight OPTIONS request. int

Constraints:
Min value = 1
Max value = 2147483647

DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties

Name Description Value
analyticalStorageConfiguration Analytical storage specific properties. AnalyticalStorageConfiguration
apiProperties API specific properties. Currently, supported only for MongoDB API. ApiProperties
backupPolicy The object representing the policy for taking backups on an account. BackupPolicy
capabilities List of Cosmos DB capabilities for the account Capability[]
capacity The object that represents all properties related to capacity enforcement on an account. Capacity
connectorOffer The cassandra connector offer type for the Cosmos DB database C* account. 'Small'
consistencyPolicy The consistency policy for the Cosmos DB account. ConsistencyPolicy
cors The CORS policy for the Cosmos DB database account. CorsPolicy[]
createMode Enum to indicate the mode of account creation. 'Default'
'Restore'
databaseAccountOfferType The offer type for the database 'Standard' (required)
defaultIdentity The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. string
disableKeyBasedMetadataWriteAccess Disable write operations on metadata resources (databases, containers, throughput) via account keys bool
disableLocalAuth Opt out of local authentication and ensure that only MSI and AAD can be used for authentication. bool
enableAnalyticalStorage Flag to indicate whether to enable storage analytics. bool
enableAutomaticFailover Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover results in a new write region for the account, chosen based on the failover priorities configured for the account. bool
enableCassandraConnector Enables the cassandra connector on the Cosmos DB C* account bool
enableFreeTier Flag to indicate whether Free Tier is enabled. bool
enableMultipleWriteLocations Enables the account to write in multiple locations bool
enablePartitionMerge Flag to indicate enabling/disabling of Partition Merge feature on the account bool
ipRules List of IpRules. IpAddressOrRange[]
isVirtualNetworkFilterEnabled Flag to indicate whether to enable/disable Virtual Network ACL rules. bool
keyVaultKeyUri The URI of the key vault string
locations An array that contains the georeplication locations enabled for the Cosmos DB account. Location[] (required)
minimalTlsVersion Indicates the minimum allowed TLS version. The default is TLS 1.0, except for the Cassandra and Mongo APIs, which only work with TLS 1.2. 'Tls'
'Tls11'
'Tls12'
networkAclBypass Indicates what services are allowed to bypass firewall checks. 'AzureServices'
'None'
networkAclBypassResourceIds An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. string[]
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled'
'Enabled'
restoreParameters Parameters to indicate the information about the restore. RestoreParameters
virtualNetworkRules List of Virtual Network ACL rules configured for the Cosmos DB account. VirtualNetworkRule[]

DatabaseRestoreResource

Name Description Value
collectionNames The names of the collections available for restore. string[]
databaseName The name of the database available for restore. string

GremlinDatabaseRestoreResource

Name Description Value
databaseName The name of the gremlin database available for restore. string
graphNames The names of the graphs available for restore. string[]

IpAddressOrRange

Name Description Value
ipAddressOrRange A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. string

Location

Name Description Value
failoverPriority The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. int

Constraints:
Min value = 0
isZoneRedundant Flag to indicate whether or not this region is an AvailabilityZone region bool
locationName The name of the region. string
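
The constraints in the ConsistencyPolicy, IpAddressOrRange and Location tables can be checked before a template is deployed. The following Python is an added example, not part of the Microsoft reference: it validates a constructed `properties` body against those constraints. Its function names, the `SAMPLE` body and the three hardening notes (disableLocalAuth, minimalTlsVersion, publicNetworkAccess) are assumptions of the example, the notes being a review policy rather than requirements stated on this page.

```python
import ipaddress

# Ranges the IpAddressOrRange table lists as not enforceable by the IP filter.
UNENFORCEABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16")]
# (name, min, max) taken from the ConsistencyPolicy constraints.
BOUNDED_STALENESS = (("maxIntervalInSeconds", 5, 86400),
                     ("maxStalenessPrefix", 1, 2147483647))


def check_ip_rule(value):
    """Return a problem string for one ipAddressOrRange value, or None."""
    try:
        # strict=False because the page's own example "23.40.210.0/8" has host bits set.
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return f"ipRules: {value!r} is not a well-formatted address or CIDR range"
    if net.version != 4:
        return f"ipRules: {value!r} is not IPv4"
    for blocked in UNENFORCEABLE:
        if net.subnet_of(blocked):
            return f"ipRules: {value!r} is contained in {blocked}"
    return None


def check_locations(locations):
    """failoverPriority: minimum 0, maximum (number of regions - 1), unique."""
    problems = []
    top = len(locations) - 1
    priorities = [loc["failoverPriority"] for loc in locations
                  if "failoverPriority" in loc]
    for p in priorities:
        if not isinstance(p, int) or not 0 <= p <= top:
            problems.append(f"locations: failoverPriority {p!r} is outside 0..{top}")
    if len(set(priorities)) != len(priorities):
        problems.append("locations: failoverPriority values must be unique")
    return problems


def check_consistency(policy):
    """BoundedStaleness requires both staleness bounds, each within its range."""
    problems = []
    if policy.get("defaultConsistencyLevel") == "BoundedStaleness":
        for key, low, high in BOUNDED_STALENESS:
            value = policy.get(key)
            if not isinstance(value, int) or not low <= value <= high:
                problems.append(
                    f"consistencyPolicy: {key}={value!r} is outside {low}..{high}")
    return problems


def review(properties):
    """Constraint violations from the page, then hardening notes (example policy)."""
    findings = []
    for rule in properties.get("ipRules", []):
        problem = check_ip_rule(rule.get("ipAddressOrRange"))
        if problem:
            findings.append(problem)
    findings += check_locations(properties.get("locations", []))
    findings += check_consistency(properties.get("consistencyPolicy", {}))
    # Assumed review policy, not a requirement stated on the page.
    if properties.get("disableLocalAuth") is not True:
        findings.append("hardening: disableLocalAuth is not true")
    if properties.get("minimalTlsVersion") != "Tls12":
        findings.append("hardening: minimalTlsVersion is not 'Tls12'")
    if properties.get("publicNetworkAccess") != "Disabled":
        findings.append("hardening: publicNetworkAccess is not 'Disabled'")
    return findings


# Constructed sample body for the example; not a real account.
SAMPLE = {
    "consistencyPolicy": {"defaultConsistencyLevel": "BoundedStaleness",
                          "maxIntervalInSeconds": 3, "maxStalenessPrefix": 100},
    "ipRules": [{"ipAddressOrRange": "23.40.210.245"},
                {"ipAddressOrRange": "192.168.10.0/24"},
                {"ipAddressOrRange": "100.64.1.1"}],
    "locations": [{"locationName": "westeurope", "failoverPriority": 0},
                  {"locationName": "northeurope", "failoverPriority": 2}],
    "disableLocalAuth": True, "minimalTlsVersion": "Tls12",
    "publicNetworkAccess": "Enabled",
}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The same `review` function can be run over the `properties` object of the `body = jsonencode({...})` argument once it has been rendered to JSON.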

ManagedServiceIdentity

Name Description Value
type The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned'
userAssignedIdentities The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name Description Value

Microsoft.DocumentDB/databaseAccounts

Name Description Value
identity Identity for the resource. ManagedServiceIdentity
kind Indicates the type of database account. This can only be set at database account creation. 'GlobalDocumentDB'
'MongoDB'
'Parse'
location The location of the resource group to which the resource belongs. string
name The resource name string

Constraints:
Min length = 3
Max length = 3
Pattern = ^[a-z0-9]+(-[a-z0-9]+)* (required)
properties Properties to create and update Azure Cosmos DB database accounts. DatabaseAccountCreateUpdatePropertiesOrDatabaseAccountGetProperties (required)
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.DocumentDB/databaseAccounts@2022-11-15"

PeriodicModeBackupPolicy

Name Description Value
periodicModeProperties Configuration values for periodic mode backup PeriodicModeProperties
type Describes the mode of backups. 'Periodic' (required)

PeriodicModeProperties

Name Description Value
backupIntervalInMinutes An integer representing the interval in minutes between two backups int

Constraints:
Min value = 0
backupRetentionIntervalInHours An integer representing the time (in hours) that each backup is retained int

Constraints:
Min value = 0
backupStorageRedundancy Enum to indicate type of backup residency 'Geo'
'Local'
'Zone'

RestoreParameters

Name Description Value
databasesToRestore List of specific databases available for restore. DatabaseRestoreResource[]
gremlinDatabasesToRestore List of specific gremlin databases available for restore. GremlinDatabaseRestoreResource[]
restoreMode Describes the mode of the restore. 'PointInTime'
restoreSource The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} string
restoreTimestampInUtc Time to which the account has to be restored (ISO-8601 format). string
tablesToRestore List of specific tables available for restore. string[]

Tags

Name Description Value

VirtualNetworkRule

Name Description Value
id Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. string
ignoreMissingVNetServiceEndpoint Create firewall rule before the virtual network has vnet service endpoint enabled. bool