No requirements.
Name | Version |
---|---|
azurerm | n/a |
```hcl
module "cosmosdb" {
  source              = "../module"
  location            = local.location
  resource_group_name = azurerm_resource_group.group.name
  workload_name       = "primary-db"

  authorized_ips_or_cidr_blocks = ["103.59.72.25"]
  authorized_vnet_subnet_ids    = [azurerm_subnet.snet.id]
  azure_defender_enabled        = true

  backup = {
    type                = "Periodic"
    interval_in_minutes = 60 * 4 # 4 hours
    retention_in_hours  = 10
  }

  consistency_policy = {
    level                   = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100001
  }

  failover_locations = {
    eastus = {
      location       = "eastus"
      zone_redundant = true
    },
    westus = {
      location = "westus"
    },
  }

  # Various RBAC roles assignment as per requirement
  account_contributor_object_ids = [data.azurerm_client_config.current.object_id]
  operator_object_ids            = [data.azurerm_client_config.current.object_id]
}
```
For a complete deployment example, see the sample folder.
Name | Description | Type | Default | Required |
---|---|---|---|---|
account_contributor_object_ids | List of object IDs to be added with DocumentDB Account Contributor role on Cosmos DB. | list(string) | [] | no |
account_reader_object_ids | List of object IDs to be added with Cosmos DB Account Contributor role on Cosmos DB. | list(string) | [] | no |
authorized_ips_or_cidr_blocks | List of authorized IP addresses or CIDR Blocks to allow access from. | list(string) | [] | no |
authorized_vnet_subnet_ids | IDs of the virtual network subnets authorized to connect to the Storage Account. | list(string) | [] | no |
azure_defender_enabled | Is Azure Defender enabled for this Azure CosmosDB Account? | bool | false | no |
backup | Backup details for CosmosDB. This block requires the following inputs: <br> - 'type' : The type of the backup. Possible values are Continuous and Periodic. <br> - 'interval_in_minutes' (Optional) : The interval in minutes between two backups. Possible values are between 60 and 1440. <br> - 'retention_in_hours' (Optional) : The time in hours that each backup is retained. Possible values are between 8 and 720. | object({ | null | no |
backup_operator_object_ids | List of object IDs to be added with Cosmos DB Backup Operator role on Cosmos DB. | list(string) | [] | no |
capabilities | Configures the capabilities to enable for this Cosmos DB account. Possible values are 'AllowSelfServeUpgradeToMongo36', 'DisableRateLimitingResponses', 'EnableAggregationPipeline', 'EnableCassandra', 'EnableGremlin', 'EnableMongo', 'EnableTable', 'EnableServerless', 'MongoDBv3.4' and 'mongoEnableDocLevelTTL'. | list(string) | [] | no |
consistency_policy | Specifies a consistency_policy resource, used to define the consistency policy for this CosmosDB account. This block requires the following inputs: <br> - 'level' : The Consistency Level - can be either BoundedStaleness, Eventual, Session, Strong or ConsistentPrefix. <br> - 'max_interval_in_seconds' (Optional) : When used with the Bounded Staleness consistency level, this value represents the amount of staleness (in seconds) tolerated. <br> - 'max_staleness_prefix' (Optional) : The number of stale requests tolerated. Accepted range for this value is 10 – 2147483647 and the value must be greater than 100000 when more than one geo_location is used. | object({ | { | no |
customer_managed_keys | Specifies customer managed keys configuration. This block requires the following inputs: <br> - 'cmk_enabled' : Whether Customer Managed Key should be enabled. <br> - 'user_managed_identity_id' : Managed Identity to access Key Vault. <br> - 'kvt_key_versionless_id' : Versionless ID of the Key Vault key. | object({ | { | no |
failover_locations | Configures the geographic locations the data is replicated to. This block requires the following inputs: <br> - 'location' : The name of the Azure region to host replicated data. <br> - 'zone_redundant' (Optional) : Should zone redundancy be enabled for this region? | map(object({ | null | no |
kind | Specifies the Kind of CosmosDB to create - possible values are 'GlobalDocumentDB' and 'MongoDB'. Defaults to GlobalDocumentDB. | string | "GlobalDocumentDB" | no |
location | Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. | string | n/a | yes |
mongo_server_version | The Server Version of a MongoDB account. Possible values are 4.2, 4.0, 3.6, and 3.2. | number | 4.2 | no |
operator_object_ids | List of object IDs to be added with Cosmos DB Operator role on Cosmos DB. | list(string) | [] | no |
private_endpoint | Specifies the private endpoint details for this resource. This block requires the following inputs: <br> - 'subnet_id' : The subnet ID to use for the private endpoint. | map(object({ | {} | no |
resource_group_name | The name of the resource group in which to create the resource. | string | n/a | yes |
restore_operator_object_ids | List of object IDs to be added with Cosmos DB Restore Operator role on Cosmos DB. | list(string) | [] | no |
tags | Optional tags for the resources. | map(string) | {} | no |
workload_name | Specifies the workload name that will use this resource. This will be used in the resource name. | string | n/a | yes |
zone_redundancy_enabled | True to enable zone redundancy on the default primary location. | bool | true | no |
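
The usage example above does not set `private_endpoint`, `customer_managed_keys` or the reader and backup/restore role inputs listed in this table. The following call is an added example, not taken from the module's repository, that combines them using only the field names documented above. The referenced subnet, identity, key and `var.*` names are hypothetical, and the objects may need further fields that the truncated types on this page do not show.

```hcl
# Added example (not the module author's code). All referenced resources and
# variables are hypothetical and must exist in the calling configuration.
module "cosmosdb_private" {
  source              = "../module"
  location            = local.location
  resource_group_name = azurerm_resource_group.group.name
  workload_name       = "primary-db"

  # Connect through a private endpoint in a dedicated subnet instead of
  # allowlisting a public IP in authorized_ips_or_cidr_blocks.
  # Assumption: the map key is only a label chosen by the caller.
  private_endpoint = {
    primary = {
      subnet_id = azurerm_subnet.private_endpoints.id
    }
  }

  # Encrypt with a key held in the caller's Key Vault. The versionless key ID
  # lets the account pick up new key versions after rotation; the managed
  # identity needs permission to use that key.
  customer_managed_keys = {
    cmk_enabled              = true
    user_managed_identity_id = azurerm_user_assigned_identity.cosmos.id
    kvt_key_versionless_id   = azurerm_key_vault_key.cosmos.versionless_id
  }

  azure_defender_enabled = true

  # Values inside the documented ranges (60-1440 minutes, 8-720 hours).
  backup = {
    type                = "Periodic"
    interval_in_minutes = 240
    retention_in_hours  = 720
  }

  # Separate duties instead of granting one principal every role.
  account_reader_object_ids   = [var.auditor_object_id]
  backup_operator_object_ids  = [var.backup_operator_object_id]
  restore_operator_object_ids = [var.restore_operator_object_id]
}
```

Whether public network access is closed once the private endpoint exists depends on how the module sets the account's network flags, which this page does not show; check the plan output for the account before relying on it.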
Name | Description |
---|---|
cosmosdb_endpoint | The endpoint used to connect to the CosmosDB account. |
id | The Cosmos DB Account ID. |
name | The Cosmos DB Account name. |
Name | Type |
---|---|
azurerm_advanced_threat_protection.this | resource |
azurerm_cosmosdb_account.db | resource |
azurerm_private_endpoint.private_endpoint | resource |
Name | Source | Version |
---|---|---|
naming | Azure/naming/azurerm | n/a |
role_assignment | github.com/Terrazure/terraform-azure-rbac | n/a |