使用 Terraform 管理 Azure Cosmos DB for NoSQL 資源
在本文中,您將了解如何使用 Terraform 部署及管理您的 Azure Cosmos DB 帳戶、資料庫和容器。
本文會示範 NoSQL 帳戶的 Terraform 範例。
- 帳戶名稱限制為 44 個字元,全部小寫。
- 若要變更輸送量 (RU/秒) 值,請使用更新的 RU/秒重新部署 Terraform 檔案。
- 您在新增或移除 Azure Cosmos 帳戶的位置時,無法同時修改其他屬性。 這些作業必須個別執行。
- 若要在資料庫層級佈建輸送量,並在所有容器之間共用,請將輸送量的值套用至 [資料庫選項] 屬性。
若要建立下列任何 Azure Cosmos DB 資源,請將此範例複製到新的 Terraform 檔案 (main.tf),或者,將資源 (main.tf) 和變數 (variables.tf) 分為兩個不同的檔案。 請務必在主要 Terraform 檔案中包含 azurerm 提供者,或分割成另一個提供者檔案。 所有範例均可在 Terraform 範例存放庫上找到。
terraform {
required_version = ">= 1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.0, < 4.0"
random = {
source = "hashicorp/random"
version = ">= 3.0"
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
具有自動調整輸送量的 Azure Cosmos 帳戶
在兩個區域中建立 Azure Cosmos 帳戶,包含一致性和容錯移轉的選項,以及設定自動調整輸送量 (已啟用多數索引原則選項) 的資料庫和容器。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
autoscale_settings {
max_throughput = var.max_throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
autoscale_settings {
max_throughput = var.max_throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmos-db-autoscale"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "North Europe"
description = "Resource group location"
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
variable "cosmosdb_account_location" {
type = string
default = "North Europe"
description = "Cosmos db account location"
variable "cosmosdb_sqldb_name" {
type = string
default = "default-cosmosdb-sqldb"
description = "value"
variable "sql_container_name" {
type = string
default = "default-sql-container"
description = "SQL API container name."
variable "max_throughput" {
type = number
default = 4000
description = "Cosmos db database max throughput"
validation {
condition = var.max_throughput >= 4000 && var.max_throughput <= 1000000
error_message = "Cosmos db autoscale max throughput should be equal to or greater than 4000 and less than or equal to 1000000."
validation {
condition = var.max_throughput % 100 == 0
error_message = "Cosmos db max throughput should be in increments of 100."
具有分析存放區的 Azure Cosmos 帳戶
在一個區域中建立 Azure Cosmos 帳戶,以及已啟用分析 TTL、且具有手動或自動調整輸送量選項的容器。
resource "azurerm_resource_group" "example" {
name = "${random_pet.random_prefix.id}-rg"
location = var.location
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
analytical_storage_enabled = true
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "main" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
analytical_storage_ttl = var.analytical_storage_ttl
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "random_prefix" {
prefix = var.name_prefix
variable "name_prefix" {
type = string
default = "101-cosmos-db-analyticalstore"
description = "Prefix for resource group name"
variable "location" {
type = string
default = "westus"
description = "Resource group location"
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
variable "cosmosdb_account_location" {
type = string
default = "westus"
description = "Cosmos db account location"
variable "cosmosdb_sqldb_name" {
type = string
default = "default-sqldb-name"
description = "value"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
variable "sql_container_name" {
type = string
default = "default-sql-container-name"
description = "SQL API container name."
variable "analytical_storage_ttl" {
type = number
default = -1
description = "Analytical Storage TTL in seconds."
Azure Cosmos 帳戶,具有標準佈建的輸送量
在兩個區域中建立 Azure Cosmos 帳戶,包含一致性和容錯移轉的選項,以及設定標準輸送量 (已啟用多數原則選項) 的資料庫和容器。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "azurerm_cosmosdb_account" "example" {
name = "${random_pet.prefix.id}-cosmosdb"
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmosdb-manualscale"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "Canada Central"
description = "Resource group location"
variable "cosmosdb_account_location" {
type = string
default = "Canada Central"
description = "Cosmos db account location"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
具有伺服器端功能的 Azure Cosmos DB 容器
建立具有預存程序、觸發程序與使用者定義函式的 Azure Cosmos 帳戶、資料庫與容器。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "azurerm_cosmosdb_account" "example" {
name = "${random_pet.prefix.id}-cosmosdb"
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "azurerm_cosmosdb_sql_stored_procedure" "example" {
name = "${random_pet.prefix.id}-sql-stored-procedure"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
container_name = azurerm_cosmosdb_sql_container.example.name
body = "function () { var context = getContext(); var response = context.getResponse(); response.setBody('Hello, World'); }"
resource "azurerm_cosmosdb_sql_trigger" "example" {
name = "${random_pet.prefix.id}-sql-trigger"
container_id = azurerm_cosmosdb_sql_container.example.id
body = "function validateToDoItemTimestamp(){var context=getContext();var request=context.getRequest();var itemToCreate=request.getBody();if(!('timestamp'in itemToCreate)){var ts=new Date();itemToCreate['timestamp']=ts.getTime();}request.setBody(itemToCreate);}"
operation = "Create"
type = "Pre"
resource "azurerm_cosmosdb_sql_function" "example" {
name = "${random_pet.prefix.id}-sql-function"
container_id = azurerm_cosmosdb_sql_container.example.id
body = "function tax(income){if(income==undefined)throw'no input';if(income<1000)return income*0.1;else if(income<10000)return income*0.2;else return income*0.4;}"
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmos-db-ss-func"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "Central US"
description = "Resource group location"
variable "cosmosdb_account_location" {
type = string
default = "eastus"
description = "Cosmos db account location"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
具有 Microsoft Entra 識別碼和基於角色存取控制的 Azure Cosmos DB 帳戶
建立 Azure Cosmos 帳戶、原生維護的角色定義,以及針對 Microsoft Entra ID 身分識別原生維護的角色指派。
data "azurerm_client_config" "current" {}
locals {
current_user_object_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "azurerm_cosmosdb_sql_role_definition" "example" {
name = "examplesqlroledef"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
type = "CustomRole"
assignable_scopes = [
permissions {
data_actions = ["Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"]
resource "azurerm_cosmosdb_sql_role_assignment" "example" {
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
role_definition_id = azurerm_cosmosdb_sql_role_definition.example.id
principal_id = local.current_user_object_id
scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.example.name}"
resource "random_pet" "prefix" {
prefix = var.name_prefix
variable "name_prefix" {
type = string
default = "101-cosmos-db-aad-rbac"
description = "Prefix for resource group name"
variable "location" {
type = string
default = "westus"
description = "Resource group location"
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
variable "cosmosdb_account_location" {
type = string
default = "westus"
description = "Cosmos db account location"
variable "cosmosdb_sqldb_name" {
type = string
default = "default-sqldb-name"
description = "value"
variable "msi_id" {
type = string
default = null
description = "If you're executing the test with user assigned identity, please pass the identity principal id to this variable."
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
variable "sql_container_name" {
type = string
default = "default-sql-container-name"
description = "SQL API container name."
免費層 Azure Cosmos DB 帳戶
建立免費層的 Azure Cosmos 帳戶,以及具有共用輸送量 (最多可與 25 個容器共用) 的資料庫。
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
resource "azurerm_cosmosdb_account" "example" {
name = random_pet.prefix.id
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
enable_free_tier = true
geo_location {
location = var.location
failover_priority = 0
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
depends_on = [
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-cosmosdb-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
included_path {
path = "/included/?"
excluded_path {
path = "/excluded/?"
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
variable "prefix" {
type = string
default = "cosmos-db-free-tier"
description = "Prefix of the resource name"
variable "location" {
type = string
default = "Switzerland North"
description = "Resource group location"
variable "cosmosdb_account_location" {
type = string
default = "Switzerland North"
description = "Cosmos db account location"
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."