Terraform を使用して Azure Cosmos DB for NoSQL のリソースを管理する
適用対象: NoSQL
この記事では、Terraform を使用して、Azure Cosmos DB アカウント、データベース、コンテナーのデプロイと管理を行う方法について説明します。
この記事では、NoSQL アカウントの Terraform サンプルを示します。
- アカウント名は、44 文字 (すべて小文字) に制限されています。
- スループット (RU/秒) の値を変更するには、RU/秒を更新して Terraform ファイルを再デプロイします。
- Azure Cosmos アカウントに対して場所の追加または削除を行う場合、他のプロパティを同時に変更することはできません。 これらの操作は個別に行う必要があります。
- データベース単位でスループットをプロビジョニングし、すべてのコンテナー間で共有するには、データベースのオプションのプロパティにスループットの値を設定します。
以下のいずれかの Azure Cosmos DB リソースを作成するには、新しい Terraform ファイル (main.tf) にサンプルをコピーするか、リソース (main.tf) と変数 (variables.tf) 用に 2 つの個別のファイルを用意します。 AzureRM プロバイダーは、必ずメインの Terraform ファイルに含めるか、別のプロバイダー ファイルに分割してください。 すべてのサンプルは、Terraform サンプル リポジトリにあります。
terraform {
required_version = ">= 1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.0, < 4.0"
random = {
source = "hashicorp/random"
version = ">= 3.0"
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
自動スケーリング スループットを備える Azure Cosmos アカウント
一貫性とフェールオーバーのためのオプションを備えた 2 つのリージョンで Azure Cosmos アカウントを作成します。データベースとコンテナーは、ほとんどのインデックス ポリシー オプションが有効になっている自動スケーリング スループット用に構成します。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
autoscale_settings {
max_throughput = var.max_throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
autoscale_settings {
max_throughput = var.max_throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmos-db-autoscale"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "North Europe"
description = "Resource group location"
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
variable "cosmosdb_account_location" {
type = string
default = "North Europe"
description = "Cosmos db account location"
variable "cosmosdb_sqldb_name" {
type = string
default = "default-cosmosdb-sqldb"
description = "value"
variable "sql_container_name" {
type = string
default = "default-sql-container"
description = "SQL API container name."
variable "max_throughput" {
type = number
default = 4000
description = "Cosmos db database max throughput"
validation {
condition = var.max_throughput >= 4000 && var.max_throughput <= 1000000
error_message = "Cosmos db autoscale max throughput should be equal to or greater than 4000 and less than or equal to 1000000."
validation {
condition = var.max_throughput % 100 == 0
error_message = "Cosmos db max throughput should be in increments of 100."
分析ストアを使用する Azure Cosmos アカウント
Analytical TTL が有効なコンテナーと手動または自動スケール スループットのオプションを使用して、1 つのリージョンに Azure Cosmos アカウントを作成します。
resource "azurerm_resource_group" "example" {
name = "${random_pet.random_prefix.id}-rg"
location = var.location
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
analytical_storage_enabled = true
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "main" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
analytical_storage_ttl = var.analytical_storage_ttl
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "random_prefix" {
prefix = var.name_prefix
variable "name_prefix" {
type = string
default = "101-cosmos-db-analyticalstore"
description = "Prefix for resource group name"
variable "location" {
type = string
default = "westus"
description = "Resource group location"
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
variable "cosmosdb_account_location" {
type = string
default = "westus"
description = "Cosmos db account location"
variable "cosmosdb_sqldb_name" {
type = string
default = "default-sqldb-name"
description = "value"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
variable "sql_container_name" {
type = string
default = "default-sql-container-name"
description = "SQL API container name."
variable "analytical_storage_ttl" {
type = number
default = -1
description = "Analytical Storage TTL in seconds."
標準プロビジョニング スループットを備える Azure Cosmos アカウント
一貫性とフェールオーバーのためのオプションを使用して、2 つのリージョンで Azure Cosmos アカウントを作成します。データベースとコンテナーは、ほとんどのポリシー オプションが有効になっている標準スループット用に構成します。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "azurerm_cosmosdb_account" "example" {
name = "${random_pet.prefix.id}-cosmosdb"
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmosdb-manualscale"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "Canada Central"
description = "Resource group location"
variable "cosmosdb_account_location" {
type = string
default = "Canada Central"
description = "Cosmos db account location"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
サーバー側機能を備える Azure Cosmos DB コンテナー
ストアド プロシージャ、トリガー、ユーザー定義関数を使用して、Azure Cosmos アカウント、データベース、コンテナーを作成します。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "azurerm_cosmosdb_account" "example" {
name = "${random_pet.prefix.id}-cosmosdb"
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "azurerm_cosmosdb_sql_stored_procedure" "example" {
name = "${random_pet.prefix.id}-sql-stored-procedure"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
container_name = azurerm_cosmosdb_sql_container.example.name
body = "function () { var context = getContext(); var response = context.getResponse(); response.setBody('Hello, World'); }"
resource "azurerm_cosmosdb_sql_trigger" "example" {
name = "${random_pet.prefix.id}-sql-trigger"
container_id = azurerm_cosmosdb_sql_container.example.id
body = "function validateToDoItemTimestamp(){var context=getContext();var request=context.getRequest();var itemToCreate=request.getBody();if(!('timestamp'in itemToCreate)){var ts=new Date();itemToCreate['timestamp']=ts.getTime();}request.setBody(itemToCreate);}"
operation = "Create"
type = "Pre"
resource "azurerm_cosmosdb_sql_function" "example" {
name = "${random_pet.prefix.id}-sql-function"
container_id = azurerm_cosmosdb_sql_container.example.id
body = "function tax(income){if(income==undefined)throw'no input';if(income<1000)return income*0.1;else if(income<10000)return income*0.2;else return income*0.4;}"
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmos-db-ss-func"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "Central US"
description = "Resource group location"
variable "cosmosdb_account_location" {
type = string
default = "eastus"
description = "Cosmos db account location"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
Microsoft Entra ID とロールベースのアクセス制御を使用した Azure Cosmos DB
Microsoft Entra ID 用の Azure Cosmos アカウント、ネイティブに管理されるロールの定義、ネイティブに管理されるロールの割り当てを作成します。
data "azurerm_client_config" "current" {}
locals {
current_user_object_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "azurerm_cosmosdb_sql_role_definition" "example" {
name = "examplesqlroledef"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
type = "CustomRole"
assignable_scopes = [
permissions {
data_actions = ["Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"]
resource "azurerm_cosmosdb_sql_role_assignment" "example" {
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
role_definition_id = azurerm_cosmosdb_sql_role_definition.example.id
principal_id = local.current_user_object_id
scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.example.name}"
resource "random_pet" "prefix" {
prefix = var.name_prefix
variable "name_prefix" {
type = string
default = "101-cosmos-db-aad-rbac"
description = "Prefix for resource group name"
variable "location" {
type = string
default = "westus"
description = "Resource group location"
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
variable "cosmosdb_account_location" {
type = string
default = "westus"
description = "Cosmos db account location"
variable "cosmosdb_sqldb_name" {
type = string
default = "default-sqldb-name"
description = "value"
variable "msi_id" {
type = string
default = null
description = "If you're executing the test with user assigned identity, please pass the identity principal id to this variable."
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
variable "sql_container_name" {
type = string
default = "default-sql-container-name"
description = "SQL API container name."
Free レベルの Azure Cosmos DB アカウント
Free レベルの Azure Cosmos アカウントと、最大 25 個のコンテナーで共有できる共有スループットを備えるデータベースを作成します。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "azurerm_cosmosdb_account" "example" {
name = random_pet.prefix.id
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
enable_free_tier = true
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-cosmosdb-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmos-db-free-tier"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "Switzerland North"
description = "Resource group location"
variable "cosmosdb_account_location" {
type = string
default = "Switzerland North"
description = "Cosmos db account location"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."