Microsoft.DocumentDB databaseAccounts 2023-09-15
Bicep resource definition
The databaseAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.DocumentDB/databaseAccounts@2023-09-15' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  kind: 'string'
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  properties: {
    analyticalStorageConfiguration: {
      schemaType: 'string'
    }
    apiProperties: {
      serverVersion: 'string'
    }
    backupPolicy: {
      migrationState: {
        startTime: 'string'
        status: 'string'
        targetType: 'string'
      }
      type: 'string'
      // For remaining properties, see BackupPolicy objects
    }
    capabilities: [
      {
        name: 'string'
      }
    ]
    capacity: {
      totalThroughputLimit: int
    }
    connectorOffer: 'Small'
    consistencyPolicy: {
      defaultConsistencyLevel: 'string'
      maxIntervalInSeconds: int
      maxStalenessPrefix: int
    }
    cors: [
      {
        allowedHeaders: 'string'
        allowedMethods: 'string'
        allowedOrigins: 'string'
        exposedHeaders: 'string'
        maxAgeInSeconds: int
      }
    ]
    createMode: 'string'
    customerManagedKeyStatus: 'string'
    databaseAccountOfferType: 'Standard'
    defaultIdentity: 'string'
    disableKeyBasedMetadataWriteAccess: bool
    disableLocalAuth: bool
    enableAnalyticalStorage: bool
    enableAutomaticFailover: bool
    enableBurstCapacity: bool
    enableCassandraConnector: bool
    enableFreeTier: bool
    enableMultipleWriteLocations: bool
    enablePartitionMerge: bool
    ipRules: [
      {
        ipAddressOrRange: 'string'
      }
    ]
    isVirtualNetworkFilterEnabled: bool
    keyVaultKeyUri: 'string'
    locations: [
      {
        failoverPriority: int
        isZoneRedundant: bool
        locationName: 'string'
      }
    ]
    minimalTlsVersion: 'string'
    networkAclBypass: 'string'
    networkAclBypassResourceIds: [
      'string'
    ]
    publicNetworkAccess: 'string'
    restoreParameters: {
      databasesToRestore: [
        {
          collectionNames: [
            'string'
          ]
          databaseName: 'string'
        }
      ]
      gremlinDatabasesToRestore: [
        {
          databaseName: 'string'
          graphNames: [
            'string'
          ]
        }
      ]
      restoreMode: 'PointInTime'
      restoreSource: 'string'
      restoreTimestampInUtc: 'string'
      tablesToRestore: [
        'string'
      ]
    }
    virtualNetworkRules: [
      {
        id: 'string'
        ignoreMissingVNetServiceEndpoint: bool
      }
    ]
  }
}
```
BackupPolicy objects
Set the type property to specify the type of object.
For Continuous, use:
```bicep
type: 'Continuous'
continuousModeProperties: {
  tier: 'string'
}
```
For Periodic, use:
```bicep
type: 'Periodic'
periodicModeProperties: {
  backupIntervalInMinutes: int
  backupRetentionIntervalInHours: int
  backupStorageRedundancy: 'string'
}
```
Property values
databaseAccounts
Name | Description | Value |
---|---|---|
name | The resource name | string (required) Character limit: 3-44 Valid characters: Lowercase letters, numbers, and hyphens. Start with lowercase letter or number. Resource name must be unique across Azure. |
location | The location of the resource group to which the resource belongs. | string |
tags | Tags are a list of key-value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater than 128 characters and value no greater than 256 characters. For example, the default experience for a template type is set with "defaultExperience": "Cassandra". Current "defaultExperience" values also include "Table", "Graph", "DocumentDB", and "MongoDB". | Dictionary of tag names and values. See Tags in templates |
kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB' 'MongoDB' 'Parse' |
identity | Identity for the resource. | ManagedServiceIdentity |
properties | Properties to create and update Azure Cosmos DB database accounts. | DatabaseAccountCreateUpdatePropertiesOrDatabaseAccou... (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | | Components1Jq1T4ISchemasManagedserviceidentityProper... |
Components1Jq1T4ISchemasManagedserviceidentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
DatabaseAccountCreateUpdatePropertiesOrDatabaseAccou...
Name | Description | Value |
---|---|---|
analyticalStorageConfiguration | Analytical storage specific properties. | AnalyticalStorageConfiguration |
apiProperties | API specific properties. Currently, supported only for MongoDB API. | ApiProperties |
backupPolicy | The object representing the policy for taking backups on an account. | BackupPolicy |
capabilities | List of Cosmos DB capabilities for the account | Capability[] |
capacity | The object that represents all properties related to capacity enforcement on an account. | Capacity |
connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
consistencyPolicy | The consistency policy for the Cosmos DB account. | ConsistencyPolicy |
cors | The CORS policy for the Cosmos DB database account. | CorsPolicy[] |
createMode | Enum to indicate the mode of account creation. | 'Default' 'Restore' |
customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | 'Access to the configured customer managed key confirmed.' 'Access to your account is currently revoked because the Azure Cosmos DB account has an undefined default identity; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#invalid-azure-cosmos-db-default-identity (4015).' 'Access to your account is currently revoked because the Azure Cosmos DB account's key vault key URI does not follow the expected format; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#improper-syntax-detected-on-the-key-vault-uri-property (4006).' 'Access to your account is currently revoked because the Azure Cosmos DB service is unable to obtain the AAD authentication token for the account's default identity; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-active-directory-token-acquisition-error (4000).' 'Access to your account is currently revoked because the Azure Cosmos DB service is unable to wrap or unwrap the key; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#internal-unwrapping-procedure-error (4005).' 'Access to your account is currently revoked because the Azure Key Vault DNS name specified by the account's keyvaultkeyuri property could not be resolved; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#unable-to-resolve-the-key-vaults-dns (4009).' 'Access to your account is currently revoked because the access rules are blocking outbound requests to the Azure Key Vault service; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide (4016).' 'Access to your account is currently revoked because the correspondent Azure Key Vault was not found; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-key-vault-resource-not-found (4017).' 'Access to your account is currently revoked because the correspondent key is not found on the specified Key Vault; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-key-vault-resource-not-found (4003).' 'Access to your account is currently revoked because the current default identity no longer has permission to the associated Key Vault key; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#default-identity-is-unauthorized-to-access-the-azure-key-vault-key (4002).' 'Access to your account is currently revoked; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide ' |
databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
disableLocalAuth | Opt out of local authentication so that only MSI and AAD can be used for authentication. | bool |
enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity Preview feature on the account | bool |
enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
ipRules | List of IpRules. | IpAddressOrRange[] |
isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
keyVaultKeyUri | The URI of the key vault | string |
locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | Location[] (required) |
minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls' 'Tls11' 'Tls12' |
networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices' 'None' |
networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' 'SecuredByPerimeter' |
restoreParameters | Parameters to indicate the information about the restore. | RestoreParameters |
virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | VirtualNetworkRule[] |
AnalyticalStorageConfiguration
Name | Description | Value |
---|---|---|
schemaType | Describes the types of schema for analytical storage. | 'FullFidelity' 'WellDefined' |
ApiProperties
Name | Description | Value |
---|---|---|
serverVersion | Describes the ServerVersion of a MongoDB account. | '3.2' '3.6' '4.0' '4.2' |
BackupPolicy
Name | Description | Value |
---|---|---|
migrationState | The object representing the state of the migration between the backup policies. | BackupPolicyMigrationState |
type | Set the object type | Continuous Periodic (required) |
BackupPolicyMigrationState
Name | Description | Value |
---|---|---|
startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
status | Describes the status of migration between backup policy types. | 'Completed' 'Failed' 'InProgress' 'Invalid' |
targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous' 'Periodic' |
ContinuousModeBackupPolicy
Name | Description | Value |
---|---|---|
type | Describes the mode of backups. | 'Continuous' (required) |
continuousModeProperties | Configuration values for continuous mode backup | ContinuousModeProperties |
ContinuousModeProperties
Name | Description | Value |
---|---|---|
tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days' 'Continuous7Days' |
PeriodicModeBackupPolicy
Name | Description | Value |
---|---|---|
type | Describes the mode of backups. | 'Periodic' (required) |
periodicModeProperties | Configuration values for periodic mode backup | PeriodicModeProperties |
PeriodicModeProperties
Name | Description | Value |
---|---|---|
backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int Constraints: Min value = 0 |
backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int Constraints: Min value = 0 |
backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo' 'Local' 'Zone' |
Capability
Name | Description | Value |
---|---|---|
name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
Capacity
Name | Description | Value |
---|---|---|
totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int |
ConsistencyPolicy
Name | Description | Value |
---|---|---|
defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness' 'ConsistentPrefix' 'Eventual' 'Session' 'Strong' (required) |
maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int Constraints: Min value = 5 Max value = 86400 |
maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int Constraints: Min value = 1 Max value = 2147483647 |
CorsPolicy
Name | Description | Value |
---|---|---|
allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
maxAgeInSeconds | The maximum amount of time that a browser should cache the preflight OPTIONS request. | int Constraints: Min value = 1 Max value = 2147483647 |
IpAddressOrRange
Name | Description | Value |
---|---|---|
ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
Location
Name | Description | Value |
---|---|---|
failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int Constraints: Min value = 0 |
isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
locationName | The name of the region. | string |
RestoreParameters
Name | Description | Value |
---|---|---|
databasesToRestore | List of specific databases available for restore. | DatabaseRestoreResource[] |
gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | GremlinDatabaseRestoreResource[] |
restoreMode | Describes the mode of the restore. | 'PointInTime' |
restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
tablesToRestore | List of specific tables available for restore. | string[] |
DatabaseRestoreResource
Name | Description | Value |
---|---|---|
collectionNames | The names of the collections available for restore. | string[] |
databaseName | The name of the database available for restore. | string |
GremlinDatabaseRestoreResource
Name | Description | Value |
---|---|---|
databaseName | The name of the gremlin database available for restore. | string |
graphNames | The names of the graphs available for restore. | string[] |
VirtualNetworkRule
Name | Description | Value |
---|---|---|
id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
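The authentication, TLS, network and key-vault properties in the tables above (disableLocalAuth, disableKeyBasedMetadataWriteAccess, minimalTlsVersion, publicNetworkAccess, ipRules, isVirtualNetworkFilterEnabled, networkAclBypass, cors, keyVaultKeyUri and defaultIdentity) can be checked in a template before it is deployed. The following Python audit of the ARM JSON form of this resource is an added example, not part of the Microsoft reference; the function names, finding texts, sample template, the /16 breadth threshold and the comma-splitting of allowedOrigins are assumptions.

```python
import ipaddress
import json

RESOURCE_TYPE = "Microsoft.DocumentDB/databaseAccounts"
# Ranges the ipAddressOrRange description lists as not enforceable by the IP filter.
UNENFORCEABLE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16")]


def is_expression(value):
    """ARM expressions such as "[parameters('x')]" cannot be judged statically."""
    return isinstance(value, str) and value.startswith("[") and value.endswith("]")


def check_ip_rule(value, min_prefix=16):
    """Finding for one ipAddressOrRange, or None. min_prefix is an assumed local policy."""
    if is_expression(value):
        return None
    try:
        net = ipaddress.IPv4Network(value, strict=False)
    except (ValueError, TypeError):
        return f"ipRules: {value!r} is not a well-formed IPv4 address or CIDR range"
    if any(net.subnet_of(r) for r in UNENFORCEABLE):
        return f"ipRules: {value!r} lies in a range the IP filter cannot enforce"
    if net.prefixlen < min_prefix:
        return f"ipRules: {value!r} is broader than /{min_prefix}"
    return None


def audit_account(resource, min_prefix=16):
    """Return a list of findings for one databaseAccounts resource (ARM JSON form)."""
    p = resource.get("properties", {})
    findings = []

    def not_true(key):
        # Unset or literal false; template expressions are left to deploy-time checks.
        return p.get(key) is not True and not is_expression(p.get(key))

    def rules(key):
        return p.get(key) if isinstance(p.get(key), list) else []

    if not_true("disableLocalAuth"):
        findings.append("disableLocalAuth is not true: authentication is not limited to MSI and AAD")
    if not_true("disableKeyBasedMetadataWriteAccess"):
        findings.append("disableKeyBasedMetadataWriteAccess is not true: "
                        "account keys can write databases, containers and throughput")
    if p.get("minimalTlsVersion") in ("Tls", "Tls11"):
        findings.append(f"minimalTlsVersion is {p['minimalTlsVersion']!r}, below the Tls12 default")
    ip_rules, vnet_rules = rules("ipRules"), rules("virtualNetworkRules")
    if vnet_rules and not_true("isVirtualNetworkFilterEnabled"):
        findings.append("virtualNetworkRules are set but isVirtualNetworkFilterEnabled is not true")
    unresolved = any(is_expression(p.get(k))
                     for k in ("publicNetworkAccess", "ipRules", "virtualNetworkRules"))
    if (not unresolved and not ip_rules and not vnet_rules
            and p.get("publicNetworkAccess") not in ("Disabled", "SecuredByPerimeter")):
        findings.append("publicNetworkAccess is not 'Disabled' or 'SecuredByPerimeter' "
                        "and no ipRules or virtualNetworkRules are set")
    checked = (check_ip_rule(r.get("ipAddressOrRange"), min_prefix) for r in ip_rules)
    findings += [f for f in checked if f]
    if p.get("networkAclBypass") == "AzureServices":
        findings.append("networkAclBypass is 'AzureServices': those services bypass firewall checks")
    for policy in rules("cors"):
        # Assumption: allowedOrigins holds a comma-separated list in one string.
        if "*" in [o.strip() for o in str(policy.get("allowedOrigins", "")).split(",")]:
            findings.append("cors.allowedOrigins contains '*': every origin is permitted")
    if p.get("keyVaultKeyUri") and not p.get("defaultIdentity"):
        findings.append("keyVaultKeyUri is set but defaultIdentity is not set explicitly")
    return findings


def audit_template(template, min_prefix=16):
    """Map each databaseAccounts resource name in an ARM template to its findings."""
    return {r.get("name", "<unnamed>"): audit_account(r, min_prefix)
            for r in template.get("resources", []) if r.get("type") == RESOURCE_TYPE}


# Constructed sample template (not from the page): one weak, one hardened account.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2023-09-15",
   "name": "weak-account", "location": "westeurope",
   "properties": {
     "databaseAccountOfferType": "Standard",
     "locations": [{"locationName": "westeurope", "failoverPriority": 0}],
     "minimalTlsVersion": "Tls11", "publicNetworkAccess": "Enabled",
     "ipRules": [{"ipAddressOrRange": "10.1.2.3"}, {"ipAddressOrRange": "23.40.210.0/8"}],
     "networkAclBypass": "AzureServices", "cors": [{"allowedOrigins": "*"}],
     "keyVaultKeyUri": "https://example-vault.vault.azure.net/keys/example-key"}},
  {"type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2023-09-15",
   "name": "hardened-account", "location": "westeurope",
   "properties": {
     "databaseAccountOfferType": "Standard",
     "locations": [{"locationName": "westeurope", "failoverPriority": 0}],
     "disableLocalAuth": true, "disableKeyBasedMetadataWriteAccess": true,
     "minimalTlsVersion": "Tls12", "publicNetworkAccess": "Disabled",
     "networkAclBypass": "None"}}
]}
""")

if __name__ == "__main__":
    print(json.dumps(audit_template(SAMPLE_TEMPLATE), indent=2))
```

Values written as template expressions are skipped rather than guessed, so run the audit again on the resolved deployment if parameters carry these settings.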
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
CI/CD using Jenkins on Azure Container Service (AKS) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
Web App with a SQL Database, Azure Cosmos DB, Azure Search | This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights. |
Create an Azure Cosmos DB account for Cassandra API | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
Create autoscale Azure Cosmos DB account for Cassandra API | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
Create an Azure CosmosDB Account | This ARM template is intended to create a CosmosDB Account quickly with the minimal required values. |
Create an Azure Cosmos DB account in multiple regions | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
Create a free-tier Azure Cosmos DB account | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
Create an Azure Cosmos DB account for Gremlin API | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
Create an Azure Cosmos DB account for Gremlin API autoscale | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
Create an Azure Cosmos account for MongoDB API | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
Create an Azure Cosmos account for MongoDB API autoscale | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
Create an Azure Cosmos DB Account with a private endpoint | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
Create an Azure Cosmos DB account for Core (SQL) API | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
Azure Cosmos DB account SQL API with analytical store | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
Create an Azure Cosmos DB account SQL API with autoscale | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
Create Azure Cosmos DB Core (SQL) API stored procedures | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
Create a minimal Azure Cosmos DB account for Core (SQL) API | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
Create Azure Cosmos with SQL API and multiple containers | The template creates a Cosmos container with a SQL API and allows adding multiple containers. |
Create an Azure Cosmos DB SQL Account with data plane RBAC | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
Create a Serverless Azure Cosmos DB account for SQL API | This template creates a serverless Azure Cosmos DB account for the Core (SQL) API. |
Create an Azure Cosmos account for Table API | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
Create an Azure Cosmos account for Table API with autoscale | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
Create a zero touch Azure Cosmos account and Azure Web App | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
Create a Cosmos DB account with Microsoft Defender enabled | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
Deploy Azure Data Explorer DB with Cosmos DB connection | Deploy Azure Data Explorer DB with Cosmos DB connection. |
Azure Cosmos DB Account with Web App | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
ARM template resource definition
The databaseAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DocumentDB/databaseAccounts resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.DocumentDB/databaseAccounts",
  "apiVersion": "2023-09-15",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "kind": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {}
    }
  },
  "properties": {
    "analyticalStorageConfiguration": {
      "schemaType": "string"
    },
    "apiProperties": {
      "serverVersion": "string"
    },
    "backupPolicy": {
      "migrationState": {
        "startTime": "string",
        "status": "string",
        "targetType": "string"
      },
      "type": "string"
      // For remaining properties, see BackupPolicy objects
    },
    "capabilities": [
      {
        "name": "string"
      }
    ],
    "capacity": {
      "totalThroughputLimit": "int"
    },
    "connectorOffer": "Small",
    "consistencyPolicy": {
      "defaultConsistencyLevel": "string",
      "maxIntervalInSeconds": "int",
      "maxStalenessPrefix": "int"
    },
    "cors": [
      {
        "allowedHeaders": "string",
        "allowedMethods": "string",
        "allowedOrigins": "string",
        "exposedHeaders": "string",
        "maxAgeInSeconds": "int"
      }
    ],
    "createMode": "string",
    "customerManagedKeyStatus": "string",
    "databaseAccountOfferType": "Standard",
    "defaultIdentity": "string",
    "disableKeyBasedMetadataWriteAccess": "bool",
    "disableLocalAuth": "bool",
    "enableAnalyticalStorage": "bool",
    "enableAutomaticFailover": "bool",
    "enableBurstCapacity": "bool",
    "enableCassandraConnector": "bool",
    "enableFreeTier": "bool",
    "enableMultipleWriteLocations": "bool",
    "enablePartitionMerge": "bool",
    "ipRules": [
      {
        "ipAddressOrRange": "string"
      }
    ],
    "isVirtualNetworkFilterEnabled": "bool",
    "keyVaultKeyUri": "string",
    "locations": [
      {
        "failoverPriority": "int",
        "isZoneRedundant": "bool",
        "locationName": "string"
      }
    ],
    "minimalTlsVersion": "string",
    "networkAclBypass": "string",
    "networkAclBypassResourceIds": [ "string" ],
    "publicNetworkAccess": "string",
    "restoreParameters": {
      "databasesToRestore": [
        {
          "collectionNames": [ "string" ],
          "databaseName": "string"
        }
      ],
      "gremlinDatabasesToRestore": [
        {
          "databaseName": "string",
          "graphNames": [ "string" ]
        }
      ],
      "restoreMode": "PointInTime",
      "restoreSource": "string",
      "restoreTimestampInUtc": "string",
      "tablesToRestore": [ "string" ]
    },
    "virtualNetworkRules": [
      {
        "id": "string",
        "ignoreMissingVNetServiceEndpoint": "bool"
      }
    ]
  }
}
```
BackupPolicy objects
Set the type property to specify the type of object.
For Continuous, use:
```json
"type": "Continuous",
"continuousModeProperties": {
  "tier": "string"
}
```
For Periodic, use:
```json
"type": "Periodic",
"periodicModeProperties": {
  "backupIntervalInMinutes": "int",
  "backupRetentionIntervalInHours": "int",
  "backupStorageRedundancy": "string"
}
```
Property values
databaseAccounts
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.DocumentDB/databaseAccounts' |
apiVersion | The resource api version | '2023-09-15' |
name | The resource name | string (required) Character limit: 3-44 Valid characters: Lowercase letters, numbers, and hyphens. Start with lowercase letter or number. Resource name must be unique across Azure. |
location | The location of the resource group to which the resource belongs. | string |
tags | Tags are a list of key-value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater than 128 characters and value no greater than 256 characters. For example, the default experience for a template type is set with "defaultExperience": "Cassandra". Current "defaultExperience" values also include "Table", "Graph", "DocumentDB", and "MongoDB". | Dictionary of tag names and values. See Tags in templates |
kind | Indicates the type of database account. This can only be set at database account creation. | 'GlobalDocumentDB' 'MongoDB' 'Parse' |
identity | Identity for the resource. | ManagedServiceIdentity |
properties | Properties to create and update Azure Cosmos DB database accounts. | DatabaseAccountCreateUpdatePropertiesOrDatabaseAccou... (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' |
userAssignedIdentities | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | | Components1Jq1T4ISchemasManagedserviceidentityProper... |
Components1Jq1T4ISchemasManagedserviceidentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
DatabaseAccountCreateUpdatePropertiesOrDatabaseAccou...
Name | Description | Value |
---|---|---|
analyticalStorageConfiguration | Analytical storage specific properties. | AnalyticalStorageConfiguration |
apiProperties | API specific properties. Currently, supported only for MongoDB API. | ApiProperties |
backupPolicy | The object representing the policy for taking backups on an account. | BackupPolicy |
capabilities | List of Cosmos DB capabilities for the account | Capability[] |
capacity | The object that represents all properties related to capacity enforcement on an account. | Capacity |
connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | 'Small' |
consistencyPolicy | The consistency policy for the Cosmos DB account. | ConsistencyPolicy |
cors | The CORS policy for the Cosmos DB database account. | CorsPolicy[] |
createMode | Enum to indicate the mode of account creation. | 'Default' 'Restore' |
customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | 'Access to the configured customer managed key confirmed.' 'Access to your account is currently revoked because the Azure Cosmos DB account has an undefined default identity; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#invalid-azure-cosmos-db-default-identity (4015).' 'Access to your account is currently revoked because the Azure Cosmos DB account's key vault key URI does not follow the expected format; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#improper-syntax-detected-on-the-key-vault-uri-property (4006).' 'Access to your account is currently revoked because the Azure Cosmos DB service is unable to obtain the AAD authentication token for the account's default identity; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-active-directory-token-acquisition-error (4000).' 'Access to your account is currently revoked because the Azure Cosmos DB service is unable to wrap or unwrap the key; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#internal-unwrapping-procedure-error (4005).' 'Access to your account is currently revoked because the Azure Key Vault DNS name specified by the account's keyvaultkeyuri property could not be resolved; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#unable-to-resolve-the-key-vaults-dns (4009).' 'Access to your account is currently revoked because the access rules are blocking outbound requests to the Azure Key Vault service; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide (4016).' 'Access to your account is currently revoked because the correspondent Azure Key Vault was not found; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-key-vault-resource-not-found (4017).' 'Access to your account is currently revoked because the correspondent key is not found on the specified Key Vault; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-key-vault-resource-not-found (4003).' 'Access to your account is currently revoked because the current default identity no longer has permission to the associated Key Vault key; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#default-identity-is-unauthorized-to-access-the-azure-key-vault-key (4002).' 'Access to your account is currently revoked; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide ' |
databaseAccountOfferType | The offer type for the database | 'Standard' (required) |
defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity Preview feature on the account | bool |
enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
ipRules | List of IpRules. | IpAddressOrRange[] |
isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
keyVaultKeyUri | The URI of the key vault | string |
locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | Location[] (required) |
minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | 'Tls' 'Tls11' 'Tls12' |
networkAclBypass | Indicates what services are allowed to bypass firewall checks. | 'AzureServices' 'None' |
networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' 'SecuredByPerimeter' |
restoreParameters | Parameters to indicate the information about the restore. | RestoreParameters |
virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | VirtualNetworkRule[] |
AnalyticalStorageConfiguration
Name | Description | Value |
---|---|---|
schemaType | Describes the types of schema for analytical storage. | 'FullFidelity' 'WellDefined' |
ApiProperties
Name | Description | Value |
---|---|---|
serverVersion | Describes the ServerVersion of a MongoDB account. | '3.2' '3.6' '4.0' '4.2' |
BackupPolicy
Name | Description | Value |
---|---|---|
migrationState | The object representing the state of the migration between the backup policies. | BackupPolicyMigrationState |
type | Set the object type | Continuous Periodic (required) |
BackupPolicyMigrationState
Name | Description | Value |
---|---|---|
startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
status | Describes the status of migration between backup policy types. | 'Completed' 'Failed' 'InProgress' 'Invalid' |
targetType | Describes the target backup policy type of the backup policy migration. | 'Continuous' 'Periodic' |
ContinuousModeBackupPolicy
Name | Description | Value |
---|---|---|
type | Describes the mode of backups. | 'Continuous' (required) |
continuousModeProperties | Configuration values for continuous mode backup | ContinuousModeProperties |
ContinuousModeProperties
Name | Description | Value |
---|---|---|
tier | Enum to indicate type of Continuous backup mode | 'Continuous30Days' 'Continuous7Days' |
PeriodicModeBackupPolicy
Name | Description | Value |
---|---|---|
type | Describes the mode of backups. | 'Periodic' (required) |
periodicModeProperties | Configuration values for periodic mode backup | PeriodicModeProperties |
PeriodicModeProperties
Name | Description | Value |
---|---|---|
backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int Constraints: Min value = 0 |
backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int Constraints: Min value = 0 |
backupStorageRedundancy | Enum to indicate type of backup residency | 'Geo' 'Local' 'Zone' |
Capability
Name | Description | Value |
---|---|---|
name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
Capacity
Name | Description | Value |
---|---|---|
totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int |
ConsistencyPolicy
Name | Description | Value |
---|---|---|
defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | 'BoundedStaleness' 'ConsistentPrefix' 'Eventual' 'Session' 'Strong' (required) |
maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int Constraints: Min value = 5 Max value = 86400 |
maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 – 2,147,483,647. Required when defaultConsistencyPolicy is set to 'BoundedStaleness'. | int Constraints: Min value = 1 Max value = 2147483647 |
CorsPolicy
Name | Description | Value |
---|---|---|
allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
maxAgeInSeconds | The maximum amount of time that a browser should cache the preflight OPTIONS request. | int Constraints: Min value = 1 Max value = 2147483647 |
IpAddressOrRange
Name | Description | Value |
---|---|---|
ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
Location
Name | Description | Value |
---|---|---|
failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int Constraints: Min value = 0 |
isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
locationName | The name of the region. | string |
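The constraints in the IpAddressOrRange, Location and ConsistencyPolicy tables above can be checked on a `properties` body before it is deployed. The following Python is an added example, not part of the Microsoft reference: the function names, the constructed `SAMPLE` body, and the `BASELINE` checks (TLS floor, local authentication, unfiltered public access) are assumptions of this example, while the `SCHEMA` checks restate limits given in the tables.

```python
import ipaddress

# Ranges the IpAddressOrRange table lists as not enforceable by the IP address filter.
UNENFORCEABLE = [ipaddress.IPv4Network(n) for n in
                 ("10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16")]


def check_ip_rule(value):
    """Return None if an ipAddressOrRange value is acceptable, else the reason."""
    if not isinstance(value, str):
        return "must be a string"
    _, sep, prefix = value.partition("/")
    if sep and not prefix.isdigit():
        return "range must use CIDR prefix notation"
    try:
        # strict=False: the table's own example "23.40.210.0/8" has host bits set.
        net = ipaddress.IPv4Network(value, strict=False)
    except ValueError:
        return "not a well-formed IPv4 address or CIDR range"
    for blocked in UNENFORCEABLE:
        if net.subnet_of(blocked):
            return f"contained in {blocked}, which the IP filter cannot enforce"
    return None


def check_locations(locations):
    """failoverPriority must be unique and within 0..(number of regions - 1)."""
    if not locations:
        return ["locations: required, none given"]
    findings, seen, top = [], set(), len(locations) - 1
    for i, loc in enumerate(locations):
        prio = loc.get("failoverPriority")
        if prio is None:          # assumption: an omitted priority is not checked here
            continue
        if not isinstance(prio, int) or not 0 <= prio <= top:
            findings.append(f"locations[{i}]: failoverPriority {prio!r} outside 0..{top}")
        elif prio in seen:
            findings.append(f"locations[{i}]: failoverPriority {prio} is not unique")
        seen.add(prio)
    return findings


def check_consistency(policy):
    """Both bounds are required, and range-limited, for BoundedStaleness."""
    if policy.get("defaultConsistencyLevel") != "BoundedStaleness":
        return []
    findings = []
    for key, lo, hi in (("maxIntervalInSeconds", 5, 86400),
                        ("maxStalenessPrefix", 1, 2147483647)):
        val = policy.get(key)
        if not isinstance(val, int) or not lo <= val <= hi:
            findings.append(f"consistencyPolicy: {key} {val!r} outside {lo}..{hi}")
    return findings


def audit(props):
    """Return a list of findings for one databaseAccounts properties object."""
    findings = []
    for i, rule in enumerate(props.get("ipRules", [])):
        reason = check_ip_rule(rule.get("ipAddressOrRange"))
        if reason:
            findings.append(f"SCHEMA ipRules[{i}]: {reason}")
    findings += [f"SCHEMA {m}" for m in check_locations(props.get("locations"))]
    findings += [f"SCHEMA {m}" for m in check_consistency(props.get("consistencyPolicy", {}))]
    # Assumed hardening baseline (this example's policy, not a rule from the reference).
    tls = props.get("minimalTlsVersion", "Tls12")   # the documented default is Tls 1.2
    if tls != "Tls12":
        findings.append(f"BASELINE minimalTlsVersion: {tls} is below Tls12")
    if props.get("disableLocalAuth") is not True:
        findings.append("BASELINE disableLocalAuth: local authentication is still allowed")
    if (props.get("publicNetworkAccess") == "Enabled" and not props.get("ipRules")
            and not props.get("isVirtualNetworkFilterEnabled")):
        findings.append("BASELINE publicNetworkAccess: enabled with no IP or VNet filter")
    return findings


# Constructed sample body; values are illustrative only.
SAMPLE = {
    "databaseAccountOfferType": "Standard",
    "minimalTlsVersion": "Tls11",
    "publicNetworkAccess": "Enabled",
    "ipRules": [{"ipAddressOrRange": "23.40.210.245"},
                {"ipAddressOrRange": "192.168.10.0/24"},
                {"ipAddressOrRange": "23.40.210.0/33"}],
    "consistencyPolicy": {"defaultConsistencyLevel": "BoundedStaleness",
                          "maxIntervalInSeconds": 3, "maxStalenessPrefix": 100},
    "locations": [{"locationName": "westeurope", "failoverPriority": 0},
                  {"locationName": "northeurope", "failoverPriority": 2}],
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A range that merely contains one of the unenforceable blocks (for example a /8 that covers part of 100.64.0.0/10) passes the `SCHEMA` check, because the table only excludes values contained in those blocks.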
RestoreParameters
Name | Description | Value |
---|---|---|
databasesToRestore | List of specific databases available for restore. | DatabaseRestoreResource[] |
gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | GremlinDatabaseRestoreResource[] |
restoreMode | Describes the mode of the restore. | 'PointInTime' |
restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
tablesToRestore | List of specific tables available for restore. | string[] |
DatabaseRestoreResource
Name | Description | Value |
---|---|---|
collectionNames | The names of the collections available for restore. | string[] |
databaseName | The name of the database available for restore. | string |
GremlinDatabaseRestoreResource
Name | Description | Value |
---|---|---|
databaseName | The name of the gremlin database available for restore. | string |
graphNames | The names of the graphs available for restore. | string[] |
VirtualNetworkRule
Name | Description | Value |
---|---|---|
id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
CI/CD using Jenkins on Azure Container Service (AKS) | Containers make it very easy for you to continuously build and deploy your applications. By orchestrating deployment of those containers using Kubernetes in Azure Container Service, you can achieve replicable, manageable clusters of containers. By setting up a continuous build to produce your container images and orchestration, you can increase the speed and reliability of your deployment. |
Web App with a SQL Database, Azure Cosmos DB, Azure Search | This template provisions a Web App, a SQL Database, Azure Cosmos DB, Azure Search and Application Insights. |
Create an Azure Cosmos DB account for Cassandra API | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with dedicated throughput. |
Create autoscale Azure Cosmos DB account for Cassandra API | This template creates an Azure Cosmos DB account for Cassandra API in two regions with a keyspace and table with autoscale throughput. |
Create an Azure CosmosDB Account | This ARM template is intended to create a CosmosDB Account quickly with the minimal required values. |
Create an Azure Cosmos DB account in multiple regions | This template creates an Azure Cosmos DB account for any database API type with a primary and secondary region with choice of consistency level and failover type. |
Create a free-tier Azure Cosmos DB account | This template creates a free-tier Azure Cosmos DB account for SQL API with a database with shared throughput and container. |
Create an Azure Cosmos DB account for Gremlin API | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using dedicated throughput. |
Create an Azure Cosmos DB account for Gremlin API autoscale | This template creates an Azure Cosmos DB account for Gremlin API in two regions with one database and one graph using autoscale throughput. |
Create an Azure Cosmos account for MongoDB API | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using shared and dedicated throughput with two collections. |
Create an Azure Cosmos account for MongoDB API autoscale | This template creates an Azure Cosmos DB account for MongoDB API 4.2 in two regions using both shared and dedicated autoscale throughput. |
Create an Azure Cosmos DB Account with a private endpoint | This template will create a Cosmos account, a virtual network and a private endpoint exposing the Cosmos account to the virtual network. |
Create an Azure Cosmos DB account for Core (SQL) API | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with throughput with multiple other options. |
Azure Cosmos DB account SQL API with analytical store | This template creates an Azure Cosmos account for Core (SQL) API with a database and container configured with analytical store. |
Create an Azure Cosmos DB account SQL API with autoscale | This template creates an Azure Cosmos account for Core (SQL) API with a database and container with autoscale throughput with multiple other options. |
Create Azure Cosmos DB Core (SQL) API stored procedures | This template creates an Azure Cosmos DB account for Core (SQL) API and a container with a stored procedure, trigger and user defined function. |
Create a minimal Azure Cosmos DB account for Core (SQL) API | This template creates an Azure Cosmos DB account for the Core (SQL) API while only specifying the minimal required resource properties. |
Create Azure Cosmos with SQL API and multiple containers | The template creates a Cosmos container with a SQL API and allows adding multiple containers. |
Create an Azure Cosmos DB SQL Account with data plane RBAC | This template will create a SQL Cosmos account, a natively maintained Role Definition, and a natively maintained Role Assignment for an AAD identity. |
Create a Serverless Azure Cosmos DB account for SQL API | This template creates a serverless Azure Cosmos DB account for the Core (SQL) API. |
Create an Azure Cosmos account for Table API | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with provisioned throughput. |
Create an Azure Cosmos account for Table API with autoscale | This template creates an Azure Cosmos DB account for Table API in two regions and a single table with autoscale throughput. |
Create a zero touch Azure Cosmos account and Azure Web App | This template creates an Azure Cosmos account, injects the Cosmos DB endpoint and keys into Azure Web App settings, then deploys an ASP MVC web app from GitHub. |
Create a Cosmos DB account with Microsoft Defender enabled | Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders. |
Deploy Azure Data Explorer DB with Cosmos DB connection | Deploy Azure Data Explorer DB with Cosmos DB connection. |
Azure Cosmos DB Account with Web App | This template deploys an Azure Cosmos DB account, an App Service Plan, and creates a Web App in the App Service Plan. It also adds two Application settings to the Web App that reference the Azure Cosmos DB account endpoint. This way solutions deployed to the Web App can connect to the Azure Cosmos DB account endpoint using those settings. |
Terraform (AzAPI provider) resource definition
The databaseAccounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.DocumentDB/databaseAccounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.DocumentDB/databaseAccounts@2023-09-15"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      analyticalStorageConfiguration = {
        schemaType = "string"
      }
      apiProperties = {
        serverVersion = "string"
      }
      backupPolicy = {
        migrationState = {
          startTime = "string"
          status = "string"
          targetType = "string"
        }
        type = "string"
        // For remaining properties, see BackupPolicy objects
      }
      capabilities = [
        {
          name = "string"
        }
      ]
      capacity = {
        totalThroughputLimit = int
      }
      connectorOffer = "Small"
      consistencyPolicy = {
        defaultConsistencyLevel = "string"
        maxIntervalInSeconds = int
        maxStalenessPrefix = int
      }
      cors = [
        {
          allowedHeaders = "string"
          allowedMethods = "string"
          allowedOrigins = "string"
          exposedHeaders = "string"
          maxAgeInSeconds = int
        }
      ]
      createMode = "string"
      customerManagedKeyStatus = "string"
      databaseAccountOfferType = "Standard"
      defaultIdentity = "string"
      disableKeyBasedMetadataWriteAccess = bool
      disableLocalAuth = bool
      enableAnalyticalStorage = bool
      enableAutomaticFailover = bool
      enableBurstCapacity = bool
      enableCassandraConnector = bool
      enableFreeTier = bool
      enableMultipleWriteLocations = bool
      enablePartitionMerge = bool
      ipRules = [
        {
          ipAddressOrRange = "string"
        }
      ]
      isVirtualNetworkFilterEnabled = bool
      keyVaultKeyUri = "string"
      locations = [
        {
          failoverPriority = int
          isZoneRedundant = bool
          locationName = "string"
        }
      ]
      minimalTlsVersion = "string"
      networkAclBypass = "string"
      networkAclBypassResourceIds = [
        "string"
      ]
      publicNetworkAccess = "string"
      restoreParameters = {
        databasesToRestore = [
          {
            collectionNames = [
              "string"
            ]
            databaseName = "string"
          }
        ]
        gremlinDatabasesToRestore = [
          {
            databaseName = "string"
            graphNames = [
              "string"
            ]
          }
        ]
        restoreMode = "PointInTime"
        restoreSource = "string"
        restoreTimestampInUtc = "string"
        tablesToRestore = [
          "string"
        ]
      }
      virtualNetworkRules = [
        {
          id = "string"
          ignoreMissingVNetServiceEndpoint = bool
        }
      ]
    }
    kind = "string"
  })
}
BackupPolicy objects
Set the type property to specify the type of object.
For Continuous, use:
  type = "Continuous"
  continuousModeProperties = {
    tier = "string"
  }
For Periodic, use:
  type = "Periodic"
  periodicModeProperties = {
    backupIntervalInMinutes = int
    backupRetentionIntervalInHours = int
    backupStorageRedundancy = "string"
  }
Property values
databaseAccounts
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.DocumentDB/databaseAccounts@2023-09-15" |
name | The resource name | string (required) Character limit: 3-44 Valid characters: Lowercase letters, numbers, and hyphens. Start with lowercase letter or number. Resource name must be unique across Azure. |
location | The location of the resource group to which the resource belongs. | string |
parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
tags | Tags are a list of key-value pairs that describe the resource. These tags can be used in viewing and grouping this resource (across resource groups). A maximum of 15 tags can be provided for a resource. Each tag must have a key no greater than 128 characters and value no greater than 256 characters. For example, the default experience for a template type is set with "defaultExperience": "Cassandra". Current "defaultExperience" values also include "Table", "Graph", "DocumentDB", and "MongoDB". | Dictionary of tag names and values. |
kind | Indicates the type of database account. This can only be set at database account creation. | "GlobalDocumentDB" "MongoDB" "Parse" |
identity | Identity for the resource. | ManagedServiceIdentity |
properties | Properties to create and update Azure Cosmos DB database accounts. | DatabaseAccountCreateUpdatePropertiesOrDatabaseAccou... (required) |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | The type of identity used for the resource. The type 'SystemAssigned,UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the service. | "SystemAssigned" "SystemAssigned,UserAssigned" "UserAssigned" |
identity_ids | The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. | Array of user identity IDs. |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
{customized property} | | Components1Jq1T4ISchemasManagedserviceidentityProper... |
Components1Jq1T4ISchemasManagedserviceidentityProper...
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
DatabaseAccountCreateUpdatePropertiesOrDatabaseAccou...
Name | Description | Value |
---|---|---|
analyticalStorageConfiguration | Analytical storage specific properties. | AnalyticalStorageConfiguration |
apiProperties | API specific properties. Currently, supported only for MongoDB API. | ApiProperties |
backupPolicy | The object representing the policy for taking backups on an account. | BackupPolicy |
capabilities | List of Cosmos DB capabilities for the account | Capability[] |
capacity | The object that represents all properties related to capacity enforcement on an account. | Capacity |
connectorOffer | The cassandra connector offer type for the Cosmos DB database C* account. | "Small" |
consistencyPolicy | The consistency policy for the Cosmos DB account. | ConsistencyPolicy |
cors | The CORS policy for the Cosmos DB database account. | CorsPolicy[] |
createMode | Enum to indicate the mode of account creation. | "Default" "Restore" |
customerManagedKeyStatus | Indicates the status of the Customer Managed Key feature on the account. In case there are errors, the property provides troubleshooting guidance. | "Access to the configured customer managed key confirmed." "Access to your account is currently revoked because the Azure Cosmos DB account has an undefined default identity; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#invalid-azure-cosmos-db-default-identity (4015)." "Access to your account is currently revoked because the Azure Cosmos DB account's key vault key URI does not follow the expected format; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#improper-syntax-detected-on-the-key-vault-uri-property (4006)." "Access to your account is currently revoked because the Azure Cosmos DB service is unable to obtain the AAD authentication token for the account's default identity; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-active-directory-token-acquisition-error (4000)." "Access to your account is currently revoked because the Azure Cosmos DB service is unable to wrap or unwrap the key; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#internal-unwrapping-procedure-error (4005)." "Access to your account is currently revoked because the Azure Key Vault DNS name specified by the account's keyvaultkeyuri property could not be resolved; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#unable-to-resolve-the-key-vaults-dns (4009)." "Access to your account is currently revoked because the access rules are blocking outbound requests to the Azure Key Vault service; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide (4016)." "Access to your account is currently revoked because the correspondent Azure Key Vault was not found; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-key-vault-resource-not-found (4017)." "Access to your account is currently revoked because the correspondent key is not found on the specified Key Vault; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#azure-key-vault-resource-not-found (4003)." "Access to your account is currently revoked because the current default identity no longer has permission to the associated Key Vault key; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide#default-identity-is-unauthorized-to-access-the-azure-key-vault-key (4002)." "Access to your account is currently revoked; for more details about this error and how to restore access to your account please visit https://learn.microsoft.com/en-us/azure/cosmos-db/cmk-troubleshooting-guide " |
databaseAccountOfferType | The offer type for the database | "Standard" (required) |
defaultIdentity | The default identity for accessing key vault used in features like customer managed keys. The default identity needs to be explicitly set by the users. It can be "FirstPartyIdentity", "SystemAssignedIdentity" and more. | string |
disableKeyBasedMetadataWriteAccess | Disable write operations on metadata resources (databases, containers, throughput) via account keys | bool |
disableLocalAuth | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | bool |
enableAnalyticalStorage | Flag to indicate whether to enable storage analytics. | bool |
enableAutomaticFailover | Enables automatic failover of the write region in the rare event that the region is unavailable due to an outage. Automatic failover will result in a new write region for the account and is chosen based on the failover priorities configured for the account. | bool |
enableBurstCapacity | Flag to indicate enabling/disabling of Burst Capacity Preview feature on the account | bool |
enableCassandraConnector | Enables the cassandra connector on the Cosmos DB C* account | bool |
enableFreeTier | Flag to indicate whether Free Tier is enabled. | bool |
enableMultipleWriteLocations | Enables the account to write in multiple locations | bool |
enablePartitionMerge | Flag to indicate enabling/disabling of Partition Merge feature on the account | bool |
ipRules | List of IpRules. | IpAddressOrRange[] |
isVirtualNetworkFilterEnabled | Flag to indicate whether to enable/disable Virtual Network ACL rules. | bool |
keyVaultKeyUri | The URI of the key vault | string |
locations | An array that contains the georeplication locations enabled for the Cosmos DB account. | Location[] (required) |
minimalTlsVersion | Indicates the minimum allowed Tls version. The default value is Tls 1.2. Cassandra and Mongo APIs only work with Tls 1.2. | "Tls" "Tls11" "Tls12" |
networkAclBypass | Indicates what services are allowed to bypass firewall checks. | "AzureServices" "None" |
networkAclBypassResourceIds | An array that contains the Resource Ids for Network Acl Bypass for the Cosmos DB account. | string[] |
publicNetworkAccess | Whether requests from Public Network are allowed | "Disabled" "Enabled" "SecuredByPerimeter" |
restoreParameters | Parameters to indicate the information about the restore. | RestoreParameters |
virtualNetworkRules | List of Virtual Network ACL rules configured for the Cosmos DB account. | VirtualNetworkRule[] |
AnalyticalStorageConfiguration
Name | Description | Value |
---|---|---|
schemaType | Describes the types of schema for analytical storage. | "FullFidelity" "WellDefined" |
ApiProperties
Name | Description | Value |
---|---|---|
serverVersion | Describes the ServerVersion of a MongoDB account. | "3.2" "3.6" "4.0" "4.2" |
BackupPolicy
Name | Description | Value |
---|---|---|
migrationState | The object representing the state of the migration between the backup policies. | BackupPolicyMigrationState |
type | Set the object type | Continuous Periodic (required) |
BackupPolicyMigrationState
Name | Description | Value |
---|---|---|
startTime | Time at which the backup policy migration started (ISO-8601 format). | string |
status | Describes the status of migration between backup policy types. | "Completed" "Failed" "InProgress" "Invalid" |
targetType | Describes the target backup policy type of the backup policy migration. | "Continuous" "Periodic" |
ContinuousModeBackupPolicy
Name | Description | Value |
---|---|---|
type | Describes the mode of backups. | "Continuous" (required) |
continuousModeProperties | Configuration values for continuous mode backup | ContinuousModeProperties |
ContinuousModeProperties
Name | Description | Value |
---|---|---|
tier | Enum to indicate type of Continuous backup mode | "Continuous30Days" "Continuous7Days" |
PeriodicModeBackupPolicy
Name | Description | Value |
---|---|---|
type | Describes the mode of backups. | "Periodic" (required) |
periodicModeProperties | Configuration values for periodic mode backup | PeriodicModeProperties |
PeriodicModeProperties
Name | Description | Value |
---|---|---|
backupIntervalInMinutes | An integer representing the interval in minutes between two backups | int Constraints: Min value = 0 |
backupRetentionIntervalInHours | An integer representing the time (in hours) that each backup is retained | int Constraints: Min value = 0 |
backupStorageRedundancy | Enum to indicate type of backup residency | "Geo" "Local" "Zone" |
Capability
Name | Description | Value |
---|---|---|
name | Name of the Cosmos DB capability. For example, "name": "EnableCassandra". Current values also include "EnableTable" and "EnableGremlin". | string |
Capacity
Name | Description | Value |
---|---|---|
totalThroughputLimit | The total throughput limit imposed on the account. A totalThroughputLimit of 2000 imposes a strict limit of max throughput that can be provisioned on that account to be 2000. A totalThroughputLimit of -1 indicates no limits on provisioning of throughput. | int |
ConsistencyPolicy
Name | Description | Value |
---|---|---|
defaultConsistencyLevel | The default consistency level and configuration settings of the Cosmos DB account. | "BoundedStaleness" "ConsistentPrefix" "Eventual" "Session" "Strong" (required) |
maxIntervalInSeconds | When used with the Bounded Staleness consistency level, this value represents the amount of staleness (in seconds) tolerated. Accepted range for this value is 5 - 86400. Required when defaultConsistencyLevel is set to 'BoundedStaleness'. | int Constraints: Min value = 5 Max value = 86400 |
maxStalenessPrefix | When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. Accepted range for this value is 1 - 2,147,483,647. Required when defaultConsistencyLevel is set to 'BoundedStaleness'. | int Constraints: Min value = 1 Max value = 2147483647 |
CorsPolicy
Name | Description | Value |
---|---|---|
allowedHeaders | The request headers that the origin domain may specify on the CORS request. | string |
allowedMethods | The methods (HTTP request verbs) that the origin domain may use for a CORS request. | string |
allowedOrigins | The origin domains that are permitted to make a request against the service via CORS. | string (required) |
exposedHeaders | The response headers that may be sent in the response to the CORS request and exposed by the browser to the request issuer. | string |
maxAgeInSeconds | The maximum amount of time that a browser should cache the preflight OPTIONS request. | int Constraints: Min value = 1 Max value = 2147483647 |
IpAddressOrRange
Name | Description | Value |
---|---|---|
ipAddressOrRange | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: “23.40.210.245” or “23.40.210.0/8”. | string |
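A pre-deployment check for the ipAddressOrRange constraints above, as an added example that is not part of the original reference or of Microsoft's tooling. The function names and the sample entries are constructed for illustration, and masking off host bits when reading an entry such as "23.40.210.0/8" is an assumption about how the prefix is interpreted.

```python
import ipaddress

# Ranges the reference lists as not enforceable by the IP address filter.
UNENFORCEABLE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16")
]


def check_ip_rule(value):
    """Return (ok, detail) for one ipAddressOrRange string."""
    try:
        # strict=False accepts entries with host bits set, such as the
        # reference's own example "23.40.210.0/8" (assumed interpretation).
        net = ipaddress.ip_network(value.strip(), strict=False)
    except ValueError as exc:
        return False, f"not well-formatted: {exc}"
    if net.version != 4:
        return False, "only IPv4 is accepted"
    for blocked in UNENFORCEABLE:
        if net.subnet_of(blocked):
            return False, f"contained in {blocked}"
    # Report the effective range so a reviewer sees how wide the rule is.
    return True, f"covers {net}, {net.num_addresses} address(es)"


def lint_ip_rules(rules):
    """Check a list shaped like the template's ipRules array."""
    findings = {}
    for rule in rules:
        value = rule.get("ipAddressOrRange", "")
        findings[value] = check_ip_rule(value)
    return findings


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real deployment.
    sample = [
        {"ipAddressOrRange": "23.40.210.245"},
        {"ipAddressOrRange": "23.40.210.0/8"},
        {"ipAddressOrRange": "10.1.2.3"},
        {"ipAddressOrRange": "100.64.1.0/24"},
        {"ipAddressOrRange": "23.40.210"},
    ]
    for entry, (ok, detail) in lint_ip_rules(sample).items():
        print(f"{'OK  ' if ok else 'FAIL'} {entry!r}: {detail}")
```

The reported address count makes over-broad rules visible in review: a /8 entry admits more than 16 million source addresses.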
Location
Name | Description | Value |
---|---|---|
failoverPriority | The failover priority of the region. A failover priority of 0 indicates a write region. The maximum value for a failover priority = (total number of regions - 1). Failover priority values must be unique for each of the regions in which the database account exists. | int Constraints: Min value = 0 |
isZoneRedundant | Flag to indicate whether or not this region is an AvailabilityZone region | bool |
locationName | The name of the region. | string |
RestoreParameters
Name | Description | Value |
---|---|---|
databasesToRestore | List of specific databases available for restore. | DatabaseRestoreResource[] |
gremlinDatabasesToRestore | List of specific gremlin databases available for restore. | GremlinDatabaseRestoreResource[] |
restoreMode | Describes the mode of the restore. | "PointInTime" |
restoreSource | The id of the restorable database account from which the restore has to be initiated. For example: /subscriptions/{subscriptionId}/providers/Microsoft.DocumentDB/locations/{location}/restorableDatabaseAccounts/{restorableDatabaseAccountName} | string |
restoreTimestampInUtc | Time to which the account has to be restored (ISO-8601 format). | string |
tablesToRestore | List of specific tables available for restore. | string[] |
DatabaseRestoreResource
Name | Description | Value |
---|---|---|
collectionNames | The names of the collections available for restore. | string[] |
databaseName | The name of the database available for restore. | string |
GremlinDatabaseRestoreResource
Name | Description | Value |
---|---|---|
databaseName | The name of the gremlin database available for restore. | string |
graphNames | The names of the graphs available for restore. | string[] |
VirtualNetworkRule
Name | Description | Value |
---|---|---|
id | Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | string |
ignoreMissingVNetServiceEndpoint | Create firewall rule before the virtual network has vnet service endpoint enabled. | bool |