MIT License
This Terraform module is designed to create Azure Cosmos DB accounts, its related resources and APIs.
[!WARNING] Major version Zero (0.y.z) is for initial development. Anything MAY change at any time. A module SHOULD NOT be considered stable till at least it is major version one (1.0.0) or greater. Changes will always be via new versions being published and no changes will be made to existing published versions. For more details please go to https://semver.org/
The following requirements are needed by this module:
The following providers are used by this module:
The following resources are used by this module:
The following input variables are required:
Description: Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
Example Inputs: eastus See more in CLI: az account list-locations -o table --query "[].name"
Type: string
Description: Specifies the name of the CosmosDB Account. Changing this forces a new resource to be created. The name can contain only lowercase letters, numbers and the '-' character, must be between 3 and 44 characters long, and must not start or end with the character '-'.
Example Inputs: cosmos-sharepoint-prod-westus-001 See more: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftdocumentdb
Type: string
Description: The name of the resource group in which to create this resource. Changing this forces a new resource to be created. Name must be less than 90 characters long and must only contain underscores, hyphens, periods, parentheses, letters, or digits.
Example Inputs: rg-sharepoint-prod-westus-001 See more: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftresources
Type: string
The following input variables are optional (have default values):
Description: Defaults to false
. Is write operations on metadata resources (databases, containers, throughput) via account keys enabled?
Type: bool
Default: false
Description: Defaults to null
. Configuration related to the analytical storage of this account
schema_type
- (Required) - The schema type of the Analytical Storage for this Cosmos DB account. Possible values are FullFidelity and WellDefined.Example inputs:
analytical_storage_config = {
schema_type = "WellDefined"
}
Type:
object({
schema_type = string
})
Default: null
Description: Defaults to false
. Enable Analytical Storage option for this Cosmos DB account. Enabling and then disabling analytical storage forces a new resource to be created.
Type: bool
Default: false
Description: Defaults to true
. Enable automatic failover for this Cosmos DB account.
Type: bool
Default: true
Description: Defaults to {}
. Configures the backup policy for this Cosmos DB account.
type
- (Optional) - Defaults to Continuous
. The type of the backup. Possible values are Continuous
and Periodic
tier
- (Optional) - Defaults to Continuous30Days
. Used when type
is set to Continuous
. The continuous backup tier. Possible values are Continuous7Days
and Continuous30Days
.interval_in_minutes
- (Optional) - Defaults to 240
. Used when type
is set to Periodic
. The interval in minutes between two backups. Possible values are between 60
and 1440
retention_in_hours
- (Optional) - Defaults to 8
. Used when type
is set to Periodic
. The time in hours that each backup is retained. Possible values are between 8
and 720
storage_redundancy
- (Optional) - Defaults to Geo
. Used when type
is set to Periodic
. The storage redundancy is used to indicate the type of backup residency. Possible values are Geo
, Local
and Zone
Example inputs:
# For Continuous Backup
backup = {
type = "Continuous"
tier = "Continuous30Days"
}
# For Periodic Backup
backup = {
type = "Periodic"
storage_redundancy = "Geo"
interval_in_minutes = 240
retention_in_hours = 8
}
Type:
object({
retention_in_hours = optional(number, 8)
interval_in_minutes = optional(number, 240)
storage_redundancy = optional(string, "Geo")
type = optional(string, "Continuous")
tier = optional(string, "Continuous30Days")
})
Default: {}
Description: Defaults to []
. The capabilities which should be enabled for this Cosmos DB account.
name
- (Required) - The capability to enable - Possible values are AllowSelfServeUpgradeToMongo36
, DisableRateLimitingResponses
, EnableAggregationPipeline
, EnableCassandra
, EnableGremlin
, EnableMongo
, EnableMongo16MBDocumentSupport
, EnableMongoRetryableWrites
, EnableMongoRoleBasedAccessControl
, EnablePartialUniqueIndex
, EnableServerless
, EnableTable
, EnableTtlOnCustomPath
, EnableUniqueCompoundNestedDocs
, MongoDBv3.4
and mongoEnableDocLevelTTL
.Example inputs:
capabilities = [
{
name = "DisableRateLimitingResponses"
}
]
Type:
set(object({
name = string
}))
Default: []
Description: Defaults to {}
. Configures the throughput limit for this Cosmos DB account.
total_throughput_limit
- (Optional) - Defaults to -1
. The total throughput limit imposed on this Cosmos DB account (RU/s). Possible values are at least -1. -1 means no limit.Example inputs:
capacity = {
total_throughput_limit = -1
}
Type:
object({
total_throughput_limit = optional(number, -1)
})
Default: {}
Description: Defaults to {}
. Used to define the consistency policy for this CosmosDB account
consistency_level
- (Optional) - Defaults to ConsistentPrefix
. The Consistency Level to use for this CosmosDB Account - can be either BoundedStaleness
, Eventual
, Session
, Strong
or ConsistentPrefix
.max_interval_in_seconds
- (Optional) - Defaults to 5
. Used when consistency_level
is set to BoundedStaleness
. When used with the Bounded Staleness consistency level, this value represents the time amount of staleness (in seconds) tolerated. The accepted range for this value is 5
- 86400
(1 day).max_staleness_prefix
- (Optional) - Defaults to 100
. Used when consistency_level
is set to BoundedStaleness
. When used with the Bounded Staleness consistency level, this value represents the number of stale requests tolerated. The accepted range for this value is 10
– 2147483647
Example inputs:
consistency_policy = {
consistency_level = "ConsistentPrefix"
max_interval_in_seconds = 10
max_interval_in_seconds = 100
}
Type:
object({
max_interval_in_seconds = optional(number, 5)
max_staleness_prefix = optional(number, 100)
consistency_level = optional(string, "ConsistentPrefix")
})
Default: {}
Description: Defaults to null
. Configures the CORS rule for this Cosmos DB account.
allowed_headers
- (Required) - A list of headers that are allowed to be a part of the cross-origin request.allowed_methods
- (Required) - A list of HTTP headers that are allowed to be executed by the origin. Valid options are DELETE
, GET
, HEAD
, MERGE
, POST
, OPTIONS
, PUT
or PATCH
.allowed_origins
- (Required) - A list of origin domains that will be allowed by CORS.exposed_headers
- (Required) - A list of response headers that are exposed to CORS clients.max_age_in_seconds
- (Optional) - Defaults to null
. The number of seconds the client should cache a preflight response. Possible values are between 1
and 2147483647
Example inputs:
cors_rule = {
allowed_headers = ["Custom-Header"]
allowed_methods = ["POST"]
allowed_origins = ["microsoft.com"]
exposed_headers = ["Custom-Header"]
max_age_in_seconds = 100
}
Type:
object({
allowed_headers = set(string)
allowed_methods = set(string)
allowed_origins = set(string)
exposed_headers = set(string)
max_age_in_seconds = optional(number, null)
})
Default: null
Description: Defaults to null
. Ignored for Basic and Standard. Defines a customer managed key to use for encryption.
key_name
- (Required) - The key name for the customer managed key in the key vault.
key_vault_resource_id
- (Required) - The full Azure Resource ID of the key_vault where the customer managed key will be referenced from.
key_version
- (Unsupported)
user_assigned_identity
- (Required) - The user assigned identity to use when access the key vault
resource_id
- (Required) - The full Azure Resource ID of the user assigned identity.Note: Remember to assign permission to the managed identity to access the key vault key. The Key vault used must have enabled soft delete and purge protection. The minimun required permissions is "Key Vault Crypto Service Encryption User"
Example Inputs:
customer_managed_key = {
key_name = "sample-customer-key"
key_vault_resource_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.KeyVault/vaults/{keyVaultName}"
user_assigned_identity {
resource_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managedIdentityName}"
}
}
Type:
object({
key_name = string
key_vault_resource_id = string
key_version = optional(string, null) # Not supported in CosmosDB
user_assigned_identity = optional(object({
resource_id = string
}), null)
})
Default: null
Description: Defaults to {}
. A map of diagnostic settings to create. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
name
- (Optional) - The name of the diagnostic setting. One will be generated if not set, however this will not be unique if you want to create multiple diagnostic setting resources.log_categories
- (Optional) - Defaults to []
. A set of log categories to export. Possible values are: DataPlaneRequests
, MongoRequests
, CassandraRequests
, GremlinRequests
, QueryRuntimeStatistics
, PartitionKeyStatistics
, PartitionKeyRUConsumption
, ControlPlaneRequests
or TableApiRequests
.log_groups
- (Optional) - Defaults to []
if log_categories is set, if not it defaults to ["allLogs", "audit"]
. A set of log groups to send to export. Possible values are allLogs
and audit
.metric_categories
- (Optional) - Defaults to ["AllMetrics"]
. A set of metric categories to export.log_analytics_destination_type
- (Optional) - Defaults to Dedicated
. The destination log analytics workspace table for the diagnostic setting. Possible values are Dedicated
and AzureDiagnostics
. Defaults to Dedicated
.workspace_resource_id
- (Optional) - The resource ID of the log analytics workspace to send logs and metrics to.storage_account_resource_id
- (Optional) - The resource ID of the storage account to send logs and metrics to.event_hub_authorization_rule_resource_id
- (Optional) - The resource ID of the event hub authorization rule to send logs and metrics to.event_hub_name
- (Optional) - The name of the event hub. If none is specified, the default event hub will be selected.marketplace_partner_resource_id
- (Optional) - The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic LogsLogs.Note: See more in CLI: az monitor diagnostic-settings categories list --resource {cosmosAccountResourceId}
Example Inputs:
diagnostic_settings = {
diagnostic1 = {
event_hub_name = "hub-name"
log_analytics_destination_type = "Dedicated"
name = "diagnostics"
event_hub_authorization_rule_resource_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.EventHub/namespaces/{eventHubNamespaceName}/authorizationRules/{authorizationRuleName}"
#log_categories = ["DataPlaneRequests", "MongoRequests", "CassandraRequests", "GremlinRequests", "QueryRuntimeStatistics", "PartitionKeyStatistics", "PartitionKeyRUConsumption", "ControlPlaneRequests", "TableApiRequests"]
metric_categories = ["AllMetrics"]
log_groups = ["allLogs", "audit"]
workspace_resource_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}"
storage_account_resource_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}"
}
}
Type:
map(object({
name = optional(string, null)
log_categories = optional(set(string), [])
log_groups = optional(set(string), ["allLogs"])
metric_categories = optional(set(string), ["AllMetrics"])
log_analytics_destination_type = optional(string, "Dedicated")
workspace_resource_id = optional(string, null)
storage_account_resource_id = optional(string, null)
event_hub_authorization_rule_resource_id = optional(string, null)
event_hub_name = optional(string, null)
marketplace_partner_resource_id = optional(string, null)
}))
Default: {}
Description: Defaults to true
. This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.
Type: bool
Default: true
Description: Defaults to false
. Enable the Free Tier pricing option for this Cosmos DB account. Defaults to false. Changing this forces a new resource to be created.
Type: bool
Default: false
Description: Default to the region where the account was deployed with zone redundant enabled. Specifies a geo_location resource, used to define where data should be replicated with the failover_priority 0 specifying the primary location.
location
- (Required) - The name of the Azure location where the CosmosDB Account is being created.failover_priority
- (Required) - The failover priority of the region. A failover priority of 0 indicates a write region.zone_redundant
- (Optional) - Defaults to true
. Whether or not the region is zone redundant.Example inputs:
geo_locations = [
{
location = "eastus"
failover_priority = 0
zone_redundant = true
},
{
location = "westus"
failover_priority = 1
zone_redundant = true
}
]
Type:
set(object({
location = string
failover_priority = number
zone_redundant = optional(bool, true)
}))
Default: null
Description: Defaults to []
. CosmosDB Firewall Support: This value specifies the set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs for a given database account.
Note: To enable the "Allow access from the Azure portal" behavior, you should add the IP addresses provided by the documentation to this list. https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-the-azure-portal Note: To enable the "Accept connections from within public Azure datacenters" behavior, you should add 0.0.0.0 to the list, see the documentation for more details. https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall#allow-requests-from-global-azure-datacenters-or-other-sources-within-azure
Type: set(string)
Default: []
Description: Defaults to false
. Ignored for non SQL APIs accounts. Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Can be set only when using the SQL API.
Type: bool
Default: false
Description: Defaults to null
. Controls the Resource Lock configuration for this resource.
If specified, it will be inherited by child resources unless overriden when creating those child resources.
The following properties can be specified:
kind
- (Required) - The type of lock. Possible values are CanNotDelete
and ReadOnly
.name
- (Optional) - The name of the lock. If not specified, a name will be generated based on the kind
value. Changing this forces the creation of a new resource.Note: If you use
ReadOnly
kind lock, you must configure Terraform to use EntraId authentication, as the access of the account keys will be blocked thus terraform won't be to do its job.
Example Inputs:
lock = {
kind = "CanNotDelete"
name = "This resource cannot be deleted easily"
}
Type:
object({
kind = string
name = optional(string, null)
})
Default: null
Description: Defaults to {}
. Controls the Managed Identity configuration on this resource. The following properties can be specified:
system_assigned
- (Optional) - Defaults to false
. Specifies if the System Assigned Managed Identity should be enabled.user_assigned_resource_ids
- (Optional) - Defaults to []
. Specifies a set of User Assigned Managed Identity resource IDs to be assigned to this resource.Example Inputs:
managed_identities = {
system_assigned = true
user_assigned_resource_ids = [
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{managedIdentityName}"
]
}
Type:
object({
system_assigned = optional(bool, false)
user_assigned_resource_ids = optional(set(string), [])
})
Default: {}
Description: Defaults to Tls12
. Specifies the minimal TLS version for the CosmosDB account. Possible values are: Tls
, Tls11
, and Tls12
Type: string
Default: "Tls12"
Description: Defaults to {}
. Manages SQL Databases within a Cosmos DB Account.
name
- (Required) - Specifies the name of the Cosmos DB Mongo Database. Changing this forces a new resource to be created.
throughput
- (Optional) - Defaults to null
. The throughput of the MongoDB database (RU/s). Must be set in increments of 100
. The minimum value is 400
. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
autoscale_settings
- (Optional) - Defaults to null
. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
max_throughput
- (Required) - The maximum throughput of the SQL database (RU/s). Must be between 1,000
and 1,000,000
. Must be set in increments of 1,000
. Conflicts with throughput
.collections
- (Optional) - Defaults to {}
. Manages a Mongo Collection within a Cosmos DB Account.
name
- (Required) Specifies the name of the Cosmos DB Mongo Collection. Changing this forces a new resource to be created.
throughput
- (Optional) - Defaults to null
. The throughput of the MongoDB collection (RU/s). Must be set in increments of 100. The minimum value is 400. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
default_ttl_seconds
- (Optional) - Defaults to null
. The default Time To Live in seconds. If the value is -1, items are not automatically expired.
shard_key
- (Optional) - Defaults to null
. The name of the key to partition on for sharding. There must not be any other unique index keys. Changing this forces a new resource to be created.
autoscale_settings
- (Optional) - Defaults to null
. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
max_throughput
- (Required) - The maximum throughput of the MongoDB collection (RU/s). Must be between 1,000 and 1,000,000. Must be set in increments of 1,000. Conflicts with throughput.Index
- (Optional) - Defaults to null
. Improve the efficiency of MongoDB database operations.
keys
- (Required) Specifies the list of user settable keys for each Cosmos DB Mongo Collection.unique
- (Optional) Defaults to false
. Is the index unique or not?Example inputs:
database_collection = {
name = "database_mongoDb_collections"
throughput = 400
collections = {
"collection" = {
name = "MongoDBcollection"
default_ttl_seconds = "3600"
shard_key = "_id"
throughput = 400
index = {
keys = ["_id"]
unique = true
}
}
}
}
Type:
map(object({
name = string
throughput = optional(number, null)
autoscale_settings = optional(object({
max_throughput = number
}), null)
collections = optional(map(object({
name = string
default_ttl_seconds = optional(string, null)
shard_key = optional(string, null)
throughput = optional(number, null)
autoscale_settings = optional(object({
max_throughput = number
}), null)
index = optional(object({
keys = list(string)
unique = optional(bool, false)
}), null)
})), {})
}))
Default: {}
Description: The Server Version of a MongoDB account. Defaults to 3.6
Possible values are 4.2
, 4.0
, 3.6
, and 3.2
Type: string
Default: "3.6"
Description: Defaults to false
. Ignored when backup.type
is Continuous
. Enable multi-region writes for this Cosmos DB account.
Type: bool
Default: false
Description: Defaults to false
. If Azure services can bypass ACLs.
Type: bool
Default: false
Description: Defaults to []
. The list of resource Ids for Network Acl Bypass for this Cosmos DB account.
Type: set(string)
Default: []
Description: Defaults to false
. Is partition merge on the Cosmos DB account enabled?
Type: bool
Default: false
Description: Default to {}
. A map of private endpoints to create. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
subnet_resource_id
- (Required) - The resource ID of the subnet to deploy the private endpoint in.
subresource_name
- (Required) - The service name of the private endpoint. Possible value are SQL
, SqlDedicated
, Cassandra
, MongoDB
, Gremlin
or Table
.
name
- (Optional) - The name of the private endpoint. One will be generated if not set.
private_dns_zone_group_name
- (Optional) - The name of the private DNS zone group. One will be generated if not set.
private_dns_zone_resource_ids
- (Optional) - A set of resource IDs of private DNS zones to associate with the private endpoint. If not set, no zone groups will be created and the private endpoint will not be associated with any private DNS zones. DNS records must be managed external to this module.
application_security_group_associations
- (Optional) - A map of resource IDs of application security groups to associate with the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
private_service_connection_name
- (Optional) - The name of the private service connection. One will be generated if not set.
network_interface_name
- (Optional) - The name of the network interface. One will be generated if not set.
location
- (Optional) - The Azure location where the resources will be deployed. Defaults to the location of the resource group.
resource_group_name
- (Optional) - The resource group where the resources will be deployed. Defaults to the resource group of the resource.
ip_configurations
- (Optional) - A map of IP configurations to create on the private endpoint. If not specified the platform will create one. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
name
- (Required) - The name of the IP configuration.private_ip_address
- (Required) - The private IP address of the IP configuration.role_assignments
- (Optional) - A map of role assignments to create on the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. See var.role_assignments
for more information.
lock
- (Optional) - The lock level to apply to the private endpoint. Default is None
. Possible values are None
, CanNotDelete
, and ReadOnly
.
tags
- (Optional) - A mapping of tags to assign to the private endpoint.
Note: See more related to subresource_name in: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-link-resource
Type:
map(object({
subnet_resource_id = string
subresource_name = string
name = optional(string, null)
private_dns_zone_group_name = optional(string, "default")
private_dns_zone_resource_ids = optional(set(string), [])
application_security_group_associations = optional(map(string), {})
private_service_connection_name = optional(string, null)
network_interface_name = optional(string, null)
location = optional(string, null)
resource_group_name = optional(string, null)
ip_configurations = optional(map(object({
name = string
private_ip_address = string
})), {})
tags = optional(map(string), null)
lock = optional(object({
kind = string
name = optional(string, null)
}), null)
role_assignments = optional(map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null) # forced to be here by lint, not supported
condition = optional(string, null) # forced to be here by lint, not supported
condition_version = optional(string, null) # forced to be here by lint, not supported
})), {})
}))
Default: {}
Description: Default to true. Whether to manage private DNS zone groups with this module. If set to false, you must manage private DNS zone groups externally, e.g. using Azure Policy.
Type: bool
Default: true
Description: Defaults to true
. Whether or not public network access is allowed for this CosmosDB account.
Type: bool
Default: true
Description: Defaults to {}
. A map of role assignments to create. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time.
role_definition_id_or_name
- (Required) - The ID or name of the role definition to assign to the principal.
principal_id
- (Required) - The ID of the principal to assign the role to.
description
- (Optional) - The description of the role assignment.
skip_service_principal_aad_check
- (Optional) - If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false.
delegated_managed_identity_resource_id
- (Optional) - The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. This field is only used in cross-tenant scenario.
principal_type
- (Unsupported)
condition
- (Unsupported)
condition_version
- (Unsupported)
Note: only set
skip_service_principal_aad_check
to true if you are assigning a role to a service principal.
Example Inputs:
role_assignments = {
"key" = {
skip_service_principal_aad_check = false
role_definition_id_or_name = "Contributor"
description = "This is a test role assignment"
principal_id = "eb5260bd-41f3-4019-9e03-606a617aec13"
}
}
Type:
map(object({
role_definition_id_or_name = string
principal_id = string
description = optional(string, null)
skip_service_principal_aad_check = optional(bool, false)
delegated_managed_identity_resource_id = optional(string, null)
principal_type = optional(string, null) # forced to be here by lint, not supported
condition = optional(string, null) # forced to be here by lint, not supported
condition_version = optional(string, null) # forced to be here by lint, not supported
}))
Default: {}
Description: Defaults to {}
. Manages SQL Databases within a Cosmos DB Account.
name
- (Required) - Specifies the name of the Cosmos DB SQL Container. Changing this forces a new resource to be created.
throughput
- (Optional) - Defaults to null
. The throughput of SQL database (RU/s). Must be set in increments of 100
. The minimum value is 400
. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
autoscale_settings
- (Optional) - Defaults to null
. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
max_throughput
- (Required) - The maximum throughput of the SQL database (RU/s). Must be between 1,000
and 1,000,000
. Must be set in increments of 1,000
. Conflicts with throughput
.containers
- (Optional) - Defaults to {}
. Manages SQL Containers within a Cosmos DB Account.
partition_key_path
- (Required) - Define a partition key. Changing this forces a new resource to be created.
name
- (Required) - Specifies the name of the Cosmos DB SQL Container. Changing this forces a new resource to be created.
throughput
- (Optional) - Defaults to null
. The throughput of SQL container (RU/s). Must be set in increments of 100
. The minimum value is 400
. This must be set upon container creation otherwise it cannot be updated without a manual terraform destroy-apply.
default_ttl
- (Optional) - Defaults to null
. The default time to live of SQL container. If missing, items are not expired automatically. If present and the value is set to -1
, it is equal to infinity, and items don't expire by default. If present and the value is set to some number n - items will expire n seconds after their last modified time.
analytical_storage_ttl
- (Optional) - Defaults to null
. The default time to live of Analytical Storage for this SQL container. If present and the value is set to -1
, it is equal to infinity, and items don't expire by default. If present and the value is set to some number n - items will expire n seconds after their last modified time.
unique_keys
- (Optional) - Defaults to []
. The unique keys of the container.
paths
- (Required) - A list of paths to use for this unique key. Changing this forces a new resource to be created.autoscale_settings
- (Optional) - Defaults to null
. This must be set upon database creation otherwise it cannot be updated without a manual terraform destroy-apply.
max_throughput
- (Required) - The maximum throughput of the SQL container (RU/s). Must be between 1,000
and 1,000,000
. Must be set in increments of 1,000
. Conflicts with throughput
.functions
- (Optional) - Defaults to {}
. Manages SQL User Defined Functions.
body
- (Required) - Body of the User Defined Function.name
- (Required) - The name which should be used for this SQL User Defined Function. Changing this forces a new SQL User Defined Function to be created.stored_procedures
- (Optional) - Defaults to {}
. Manages SQL Stored Procedures within a Cosmos DB Account SQL Database.
body
- (Required) - The body of the stored procedure.name
- (Required) - Specifies the name of the Cosmos DB SQL Stored Procedure. Changing this forces a new resource to be created.triggers
- (Optional) - Defaults to {}
. Manages SQL Triggers.
body
- (Required) - Body of the Trigger.type
- (Required) - Type of the Trigger. Possible values are Pre
and Post
.operation
- (Required) - The operation the trigger is associated with. Possible values are All
, Create
, Update
, Delete
and Replace
.name
- (Required) - The name which should be used for this SQL Trigger. Changing this forces a new SQL Trigger to be created.conflict_resolution_policy
- (Optional) - Defaults to null
. The conflict resolution policy of the container. Changing this forces a new resource to be created.
mode
- (Required) - Indicates the conflict resolution mode. Possible values include: LastWriterWins
and Custom
.conflict_resolution_path
- Required if LastWriterWins
is set as mode
- The conflict resolution path.conflict_resolution_procedure
- Required if Custom
is set as mode
- The procedure to resolve conflicts .indexing_policy
- (Optional) - Defaults to {}
. The indexing policy of the container.
indexing_mode
- (Required) - Indicates the indexing mode. Possible values include: consistent
and none
included_paths
- (Optional) - Defaults to []
. Either included_path or excluded_path must contain the path /*
path
- (Required) - Path for which the indexing behaviour applies to.excluded_paths
- (Optional) - Defaults to []
. Either included_path or excluded_path must contain the path /*
path
- (Required) - Path that is excluded from indexing.composite_indexes
- (Optional) - Defaults to []
. The composite indexes of the indexing policy.
indexes
- (Required) - The indexes of the composite indexes.
path
- (Required) - Path for which the indexing behaviour applies to.order
- (Required) - Order of the index. Possible values are Ascending
or Descending
.spatial_indexes
- (Optional) - Defaults to []
. The spatial indexes of the indexing policy.
path
- (Required) - Path for which the indexing behaviour applies to. According to the service design, all spatial types including LineString, MultiPolygon, Point, and Polygon will be applied to the path.Note: Switching between autoscale and manual throughput is not supported via Terraform and must be completed via the Azure Portal and refreshed. Note: For indexing policy See more in: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/how-to-manage-indexing-policy?tabs=dotnetv3%2Cpythonv3
Example inputs:
sql_databases = {
database1 = {
name = "database1"
throughput = 400
# autoscale_settings = {
# max_throughput = 4000
# }
containers = {
container1 = {
partition_key_path = "/id"
name = "container1"
throughput = 400
default_ttl = 1000
analytical_storage_ttl = 1000
unique_keys = [
{
paths = ["/field1", "/field2"]
}
]
# autoscale_settings = {
# max_throughput = 4000
# }
functions = {
function1 = {
name = "functionName"
body = "function function1() { }"
}
}
stored_procedures = {
stored1 = {
name = "storedName"
body = "function stored1() { }"
}
}
triggers = {
trigger1 = {
name = "triggerName"
body = "function trigger1() { }"
type = "Pre"
operation = "All"
}
}
conflict_resolution_policy = {
mode = "LastWriterWins"
conflict_resolution_path = "/customProperty"
}
indexing_policy = {
indexing_mode = "consistent"
included_paths = [
{
path = "/*"
}
]
excluded_paths = [
{
path = "/excluded/*"
}
]
composite_indexes = [
{
indexes = [
{
path = "/field1"
order = "ascending"
}
]
}
]
spatial_indexes = [
{
path = "/location/*"
}
]
}
}
}
}
}
Type:
map(object({
name = string
throughput = optional(number, null)
autoscale_settings = optional(object({
max_throughput = number
}), null)
containers = optional(map(object({
partition_key_path = string
name = string
throughput = optional(number, null)
default_ttl = optional(number, null)
analytical_storage_ttl = optional(number, null)
unique_keys = optional(list(object({
paths = set(string)
})), [])
autoscale_settings = optional(object({
max_throughput = number
}), null)
functions = optional(map(object({
body = string
name = string
})), {})
stored_procedures = optional(map(object({
body = string
name = string
})), {})
triggers = optional(map(object({
body = string
type = string
operation = string
name = string
})), {})
conflict_resolution_policy = optional(object({
mode = string
conflict_resolution_path = optional(string, null)
conflict_resolution_procedure = optional(string, null)
}), null)
indexing_policy = optional(object({
indexing_mode = string
included_paths = optional(set(object({
path = string
})), [])
excluded_paths = optional(set(object({
path = string
})), [])
composite_indexes = optional(set(object({
indexes = set(object({
path = string
order = string
}))
})), [])
spatial_indexes = optional(set(object({
path = string
})), [])
}), null)
})), {})
}))
Default: {}
Description: Defaults to null
. Manages a SQL Dedicated Gateway within a Cosmos DB Account.
instance_size
- (Optional) - The instance size for the CosmosDB SQL Dedicated Gateway. Changing this forces a new resource to be created. Possible values are Cosmos.D4s
, Cosmos.D8s
and Cosmos.D16s
instance_count
- (Optional) - The instance count for the CosmosDB SQL Dedicated Gateway. Possible value is between 1
and 5
.Note: To create a dedicated gateway in a zone redundant region you must request Azure to enable it into your account. See more in: https://learn.microsoft.com/en-us/azure/cosmos-db/dedicated-gateway#provisioning-the-dedicated-gateway
Example inputs:
sql_dedicated_gateway = {
instance_count = 1
instance_size = "Cosmos.D4s"
}
Type:
object({
instance_size = string
instance_count = optional(number, 1)
})
Default: null
Description: Defaults to {}
. A mapping of tags to assign to the resource. These tags will propagate to any child resource unless overriden when creating the child resource
Example Inputs:
tags = {
environment = "testing"
}
Type: map(string)
Default: null
Description: Defaults to []
. Used to define which subnets are allowed to access this CosmosDB account.
subnet_id
- (Required) - The ID of the virtual network subnet.Note: Remember to enable Microsoft.AzureCosmosDB service endpoint on the subnet.
Example inputs:
virtual_network_rule = [
{
subnet_id = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}"
}
]
Type:
set(object({
subnet_id = string
}))
Default: []
The following outputs are exported:
Description: The keys for the CosmosDB Account.
Description: The MongoDB connection strings for the CosmosDB Account.
Description: The SQL connection strings for the CosmosDB Account.
Description: A map of the MongoDB collections created, with the collection name as the key and the collection ID as the value.
Description: A map of the MongoDB databases created, with the database name as the key and the database ID as the value.
Description: The name of the cosmos db account created.
Description: A map of the diagnostic settings created, with the diagnostic setting name as the key and the diagnostic setting ID as the value.
Description: The resource ID of the cosmos db account created.
Description: A map of the management locks created, with the lock name as the key and the lock ID as the value.
Description: A map of the management locks created, with the lock name as the key and the lock ID as the value.
Description: The IDs of the private endpoint application security group associations created.
Description: A map of the role assignments created, with the assignment key as the map key and the assignment value as the map value.
Description: A map of the SQL containers created, with the container name as the key and the container ID as the value.
Description: A map of the SQL databases created, with the database name as the key and the database ID as the value.
Description: The IDs of the SQL dedicated gateways created.
Description: A map of the SQL functions created, with the function name as the key and the function ID as the value.
Description: A map of the SQL stored procedures created, with the stored procedure name as the key and the stored procedure ID as the value.
Description: A map of the SQL triggers created, with the trigger name as the key and the trigger ID as the value.
No modules.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.