All products Terraform Azure azurerm
tf-azure-cosmosdb-mongo-ru

Module creates and manages Request Unit (RU) based Cosmos DB with MongoDB in Azure. Key features:

  • flexible configuration
  • capabilities for managing databases and users
  • data replication

NOTE: This module is meant to be used with an already created Resource Group.

Log in to Corewide IaC registry

Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:

 shellterraform login solutions.corewide.com
Provision instructions

Initialize mandatory providers:

Copy and paste into your Terraform configuration and insert the variables:

 hclmodule "tf_azure_cosmosdb_mongo_ru" {
  source  = "solutions.corewide.com/azure/tf-azure-cosmosdb-mongo-ru/azurerm"
  version = "~> 1.0.0"

  # specify module inputs here or try one of the examples below
  ...
}

Initialize the setup:

 shellterraform init
Define update strategy

Corewide DevOps team strictly follows Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using pessimistic constraint operator (~>) to prevent breaking changes during upgrades.

To get new features during the upgrades (without breaking compatibility), use ~> 1.0 and run terraform init -upgrade

For the safest setup, use strict pinning with version = "1.0.0"

RU-based Azure Cosmos DB for MongoDB

Deploys managed MongoDB engine in Request Unit (RU) based Azure Cosmos DB
$350
Version:
1.0.0
3
3
v1.0.0
BUY
3
License
v1.0.0 released 6 months, 1 week ago
Changelog

Module creates and manages Request Unit (RU) based Cosmos DB with MongoDB in Azure. Key features:

  • flexible configuration
  • capabilities for managing databases and users
  • data replication

NOTE: This module is meant to be used with an already created Resource Group.

Minimal setup with required parameters only. Creates Cosmos DB account with no custom databases and users:

 hclresource "azurerm_resource_group" "main" {
  name     = "myproject-data-prod"
  location = "westus2"
}

module "mongodb" {
  source  = "solutions.corewide.com/azure/tf-azure-cosmosdb-mongo-ru/azurerm"
  version = "~> 1.0"

  name                = "myproject-mongodb-prod"
  region              = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
}

Standard usage. Creates Cosmos DB account with IP and subnet whitelists, extra data location, managed user identity, myapp database with owner (generated password) and read-only users and myapp_secondary database with admin user:

 hclresource "azurerm_resource_group" "main" {
  name     = "myproject-data-prod"
  location = "westus2"
}

resource "azurerm_user_assigned_identity" "mongodb" {
  name                = "myproject-mongodb-prod"
  location            = "westus2"
  resource_group_name = azurerm_resource_group.main.name
}

module "mongodb" {
  source  = "solutions.corewide.com/azure/tf-azure-cosmosdb-mongo-ru/azurerm"
  version = "~> 1.0"

  name                                  = "myproject-prod"
  region                                = azurerm_user_assigned_identity.mongodb.location
  resource_group_name                   = azurerm_resource_group.main.name
  engine_version                        = "7.0"
  total_throughput_limit                = -1
  public_network_access_enabled         = false
  bypass_network_acl_for_azure_services = false
  extra_capabilities                    = ["EnableMongo16MBDocumentSupport"]
  subnet_whitelist                      = ["/subscriptions/xxxyyyzzz/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/myproject/subnets/myproject-production"]
  ip_range_whitelist                    = ["xx.xx.xx.xx/32"]
  network_acl_bypass_ids                = ["xxx-yyy-zzz"]

  consistency_policy = {
    level                   = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000
  }

  data_location = [
    {
      location          = "westus2"
      failover_priority = 0
    },
    {
      location          = "westus3"
      failover_priority = 1
    },
  ]

  identity = {
    type = "UserAssigned"
    ids  = [azurerm_user_assigned_identity.mongodb.id]
  }

  databases = [
    {
      name       = "myapp"
      throughput = 400

      users = [
        {
          name      = "myapp_ro"
          password  = "read_user_password"
          role_name = "read"
        },
        {
          name      = "myapp_owner"
          role_name = "dbOwner"
        },
      ]
    },
    {
      name           = "myapp_secondary"
      max_throughput = 1000

      users = [
        {
          name      = "myapp_secondary_admin"
          role_name = "dbAdmin"
        },
      ]
    },
  ]

  backup = {
    type                = "Periodic"
    interval_in_minutes = 1440
    retention_in_hours  = 200
    storage_redundancy  = "Geo"
  }

  tags = {
    Project     = "myproject"
    Environment = "prod"
  }
}
Variable Description Type Default Required Sensitive
name Cosmos DB account name string yes no
region Region of a Resource Group to create the Cosmos DB account in string yes no
resource_group_name Name of the Resource Group to create the Cosmos DB account in string yes no
backup Backup configuration object {} no no
backup.interval_in_minutes Interval (in minutes) between two backups. Possible values are between 60 and 1440. Applicable only if var.backup.type is Periodic number 240 no no
backup.retention_in_hours Time (in hours) that each backup is retained. Possible values are between 8 and 720. Applicable only if var.backup.type is Periodic number 8 no no
backup.storage_redundancy Type of backup residency. Possible values are: Geo, Local and Zone. Applicable only if var.backup.type is Periodic string Geo no no
backup.tier The continuous backup tier. Possible values are: Continuous7Days and Continuous30Days. Applicable only if var.backup.type is Continuous string Continuous7Days no no
backup.type Type of the backup. Possible values are: Continuous and Periodic string Continuous no no
bypass_network_acl_for_azure_services Indicates whether Azure services can bypass network ACLs bool false no no
consistency_policy Consistency policy configuration object {} no no
consistency_policy.level Consistency Level to use for the Cosmos DB account. Possible values are: BoundedStaleness, Eventual, Session, Strong or ConsistentPrefix string BoundedStaleness no no
consistency_policy.max_interval_in_seconds Time (in seconds) of staleness tolerated. The accepted range is 5 - 86400 (1 day). Applicable only when var.consistency_policy.consistency_level is set to BoundedStaleness number 300 no no
consistency_policy.max_staleness_prefix Number of stale requests tolerated. The accepted range for this value is 10 - 2147483647. Applicable only when var.consistency_policy.consistency_level is set to BoundedStaleness number 100000 no no
data_location List of geographic data locations. The list must contain at least one configuration object list(object) no no
data_location[*].failover_priority The failover priority of the region. A failover priority of 0 indicates a write region. Failover priority values must be unique for each of the regions number 0 no no
data_location[*].region Name of the Azure region to host replicated data. By default have the same value as account region (local) string local no no
databases List of MongoDB databases and their users list(object) [] no no
databases[*].max_throughput Maximum throughput of the MongoDB database (RU/s). Must reside between 1000 and 1000000. If set, autoscaling is used instead of static throughput (var.databases[*].throughput) number no no
databases[*].name Database name string yes no
databases[*].throughput Throughput of the database (RU/s). Must be set in increments of 100 number 400 no no
databases[*].users List of users to create in the database list(object) [] no no
databases[*].users[*].name User name string yes no
databases[*].users[*].password User password. Generated if unspecified string no no
databases[*].users[*].role_name User role. Available built-in roles are: read, readWrite, dbAdmin and dbOwner string yes no
engine_version Version of the MongoDB engine. Possible values are: 3.2, 3.6, 4.0, 4.2, 5.0, 6.0, and 7.0 string 7.0 no no
extra_capabilities List of Cosmos DB extra capabilities. EnableMongo and EnableMongoRoleBasedAccessControl are already set to allow role-based access control list(string) [] no no
identity Managed identity configuration object no no
identity.ids List of User Assigned Managed Identity IDs to be assigned to this Cosmos DB account list(string) yes no
identity.type Type of Managed Identity assigned to this Cosmos DB account. Possible values are: SystemAssigned and UserAssigned string yes no
ip_range_whitelist Set of IP addresses or CIDR ranges to allow Cosmos DB access set(string) [] no no
network_acl_bypass_ids List of resource IDs to bypass Cosmos DB Network ACLs list(string) [] no no
public_network_access_enabled Indicates whether public network access to the Cosmos DB account is enabled bool false no no
subnet_whitelist Set of virtual network subnet IDs to allow Cosmos DB access set(string) [] no no
tags Map of tags to assign to resources map(string) {} no no
total_throughput_limit Total throughput limit imposed on this Cosmos DB account (RU/s). -1 means no limit number ${-1} no no
Output Description Type Sensitive
account Cosmos DB account attributes resource yes
account_connection_details Cosmos DB account-level (master) connection details map yes
database_connection_details Cosmos DB database-level connection details computed yes
Dependency Version Kind
terraform >= 1.3 CLI
hashicorp/azurerm ~> 4.2 provider
hashicorp/random ~> 3.6 provider

References

Not sure where to start?
Let's find your perfect match.