RU-based Azure Cosmos DB for MongoDB

Module creates and manages Request Unit (RU) based Cosmos DB with MongoDB in Azure. Key features:

flexible configuration
capabilities for managing databases and users
data replication

NOTE: This module is meant to be used with an already created Resource Group.

$350

BUY

License

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

 shellterraform login solutions.corewide.com

Provision instructions

Initialize mandatory providers:

Copy and paste into your Terraform configuration and insert the variables:

 hclmodule "tf_azure_cosmosdb_mongo_ru" {
  source  = "solutions.corewide.com/azure/tf-azure-cosmosdb-mongo-ru/azurerm"
  version = "~> 1.0.0"

  # specify module inputs here or try one of the examples below
  ...
}

Initialize the setup:

 shellterraform init

Define update strategy

Corewide DevOps team strictly follows Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during the upgrades (without breaking compatibility), use ~> 1.0 and run terraform init -upgrade

For the safest setup, use strict pinning with version = "1.0.0"

v1.0.0 released 1 month, 2 weeks ago

Changelog

Minimal setup with required parameters only. Creates Cosmos DB account with no custom databases and users:

 hclresource "azurerm_resource_group" "main" {
  name     = "myproject-data-prod"
  location = "westus2"
}

module "mongodb" {
  source  = "solutions.corewide.com/azure/tf-azure-cosmosdb-mongo-ru/azurerm"
  version = "~> 1.0"

  name                = "myproject-mongodb-prod"
  region              = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
}

Standard usage. Creates Cosmos DB account with IP and subnet whitelists, extra data location, managed user identity, myapp database with owner (generated password) and read-only users and myapp_secondary database with admin user:

 hclresource "azurerm_resource_group" "main" {
  name     = "myproject-data-prod"
  location = "westus2"
}

resource "azurerm_user_assigned_identity" "mongodb" {
  name                = "myproject-mongodb-prod"
  location            = "westus2"
  resource_group_name = azurerm_resource_group.main.name
}

module "mongodb" {
  source  = "solutions.corewide.com/azure/tf-azure-cosmosdb-mongo-ru/azurerm"
  version = "~> 1.0"

  name                                  = "myproject-prod"
  region                                = azurerm_user_assigned_identity.mongodb.location
  resource_group_name                   = azurerm_resource_group.main.name
  engine_version                        = "7.0"
  total_throughput_limit                = -1
  public_network_access_enabled         = false
  bypass_network_acl_for_azure_services = false
  extra_capabilities                    = ["EnableMongo16MBDocumentSupport"]
  subnet_whitelist                      = ["/subscriptions/xxxyyyzzz/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/myproject/subnets/myproject-production"]
  ip_range_whitelist                    = ["xx.xx.xx.xx/32"]
  network_acl_bypass_ids                = ["xxx-yyy-zzz"]

  consistency_policy = {
    level                   = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000
  }

  data_location = [
    {
      location          = "westus2"
      failover_priority = 0
    },
    {
      location          = "westus3"
      failover_priority = 1
    },
  ]

  identity = {
    type = "UserAssigned"
    ids  = [azurerm_user_assigned_identity.mongodb.id]
  }

  databases = [
    {
      name       = "myapp"
      throughput = 400

      users = [
        {
          name      = "myapp_ro"
          password  = "read_user_password"
          role_name = "read"
        },
        {
          name      = "myapp_owner"
          role_name = "dbOwner"
        },
      ]
    },
    {
      name           = "myapp_secondary"
      max_throughput = 1000

      users = [
        {
          name      = "myapp_secondary_admin"
          role_name = "dbAdmin"
        },
      ]
    },
  ]

  backup = {
    type                = "Periodic"
    interval_in_minutes = 1440
    retention_in_hours  = 200
    storage_redundancy  = "Geo"
  }

  tags = {
    Project     = "myproject"
    Environment = "prod"
  }
}

Variable	Description	Type	Default	Required	Sensitive
`name`	Cosmos DB account name	`string`		yes	no
`region`	Region of a Resource Group to create the Cosmos DB account in	`string`		yes	no
`resource_group_name`	Name of the Resource Group to create the Cosmos DB account in	`string`		yes	no
`backup`	Backup configuration	`object`	`{}`	no	no
`backup.interval_in_minutes`	Interval (in minutes) between two backups. Possible values are between `60` and `1440`. Applicable only if `var.backup.type` is `Periodic`	`number`	`240`	no	no
`backup.retention_in_hours`	Time (in hours) that each backup is retained. Possible values are between `8` and `720`. Applicable only if `var.backup.type` is `Periodic`	`number`	`8`	no	no
`backup.storage_redundancy`	Type of backup residency. Possible values are: `Geo`, `Local` and `Zone`. Applicable only if `var.backup.type` is `Periodic`	`string`	`Geo`	no	no
`backup.tier`	The continuous backup tier. Possible values are: `Continuous7Days` and `Continuous30Days`. Applicable only if `var.backup.type` is `Continuous`	`string`	`Continuous7Days`	no	no
`backup.type`	Type of the backup. Possible values are: `Continuous` and `Periodic`	`string`	`Continuous`	no	no
`bypass_network_acl_for_azure_services`	Indicates whether Azure services can bypass network ACLs	`bool`	`false`	no	no
`consistency_policy`	Consistency policy configuration	`object`	`{}`	no	no
`consistency_policy.level`	Consistency Level to use for the Cosmos DB account. Possible values are: `BoundedStaleness`, `Eventual`, `Session`, `Strong` or `ConsistentPrefix`	`string`	`BoundedStaleness`	no	no
`consistency_policy.max_interval_in_seconds`	Time (in seconds) of staleness tolerated. The accepted range is `5` - `86400` (1 day). Applicable only when `var.consistency_policy.consistency_level` is set to `BoundedStaleness`	`number`	`300`	no	no
`consistency_policy.max_staleness_prefix`	Number of stale requests tolerated. The accepted range for this value is `10` - `2147483647`. Applicable only when `var.consistency_policy.consistency_level` is set to `BoundedStaleness`	`number`	`100000`	no	no
`data_location`	List of geographic data locations. The list must contain at least one configuration object	`list(object)`		no	no
`data_location[*].failover_priority`	The failover priority of the region. A failover priority of 0 indicates a write region. Failover priority values must be unique for each of the regions	`number`	`0`	no	no
`data_location[*].region`	Name of the Azure region to host replicated data. By default have the same value as account region (`local`)	`string`	`local`	no	no
`databases`	List of MongoDB databases and their users	`list(object)`	`[]`	no	no
`databases[*].max_throughput`	Maximum throughput of the MongoDB database (RU/s). Must reside between `1000` and `1000000`. If set, autoscaling is used instead of static throughput (`var.databases[*].throughput`)	`number`		no	no
`databases[*].name`	Database name	`string`		yes	no
`databases[*].throughput`	Throughput of the database (RU/s). Must be set in increments of `100`	`number`	`400`	no	no
`databases[*].users`	List of users to create in the database	`list(object)`	`[]`	no	no
`databases[].users[].name`	User name	`string`		yes	no
`databases[].users[].password`	User password. Generated if unspecified	`string`		no	no
`databases[].users[].role_name`	User role. Available built-in roles are: `read`, `readWrite`, `dbAdmin` and `dbOwner`	`string`		yes	no
`engine_version`	Version of the MongoDB engine. Possible values are: `3.2`, `3.6`, `4.0`, `4.2`, `5.0`, `6.0`, and `7.0`	`string`	`7.0`	no	no
`extra_capabilities`	List of Cosmos DB extra capabilities. `EnableMongo` and `EnableMongoRoleBasedAccessControl` are already set to allow role-based access control	`list(string)`	`[]`	no	no
`identity`	Managed identity configuration	`object`		no	no
`identity.ids`	List of User Assigned Managed Identity IDs to be assigned to this Cosmos DB account	`list(string)`		yes	no
`identity.type`	Type of Managed Identity assigned to this Cosmos DB account. Possible values are: `SystemAssigned` and `UserAssigned`	`string`		yes	no
`ip_range_whitelist`	Set of IP addresses or CIDR ranges to allow Cosmos DB access	`set(string)`	`[]`	no	no
`network_acl_bypass_ids`	List of resource IDs to bypass Cosmos DB Network ACLs	`list(string)`	`[]`	no	no
`public_network_access_enabled`	Indicates whether public network access to the Cosmos DB account is enabled	`bool`	`false`	no	no
`subnet_whitelist`	Set of virtual network subnet IDs to allow Cosmos DB access	`set(string)`	`[]`	no	no
`tags`	Map of tags to assign to resources	`map(string)`	`{}`	no	no
`total_throughput_limit`	Total throughput limit imposed on this Cosmos DB account (RU/s). `-1` means no limit	`number`	`${-1}`	no	no

Output	Description	Type	Sensitive
`account`	Cosmos DB account attributes	`resource`	yes
`account_connection_details`	Cosmos DB account-level (master) connection details	`map`	yes
`database_connection_details`	Cosmos DB database-level connection details	`computed`	yes