Azure: How to add CosmosDb to VNET properly

Solution 1:

Cosmos DB is a PaaS service and so doesn't really "join" a vNet, however it has two options to better integrate with vNet traffic:

  1. Service Endpoints - this is where you apply a firewall to the DB that restricts access only to certain resources. One of these resources can be a virtual network. Traffic still leaves the virtual network and goes over the Microsoft network to get to the DB. This is what you have done.
  2. Private Link - this injects the DB into the virtual network, it gets a private IP address and traffic does not leave the virtual network.

You have done option 1, so Cosmos DB is not actually in a vNet at all, you have just restricted access so only traffic from your vNet is allowed. This is perfectly valid if that is what you were aiming for, and is probably the simplest approach.

Option 2 is more complex, but will mean the Cosmos DB is effectively part of your vNet. This will be in your existing vNet, it will not be in its own vNet.
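The two options described in the answer, side by side as a Bicep template. This is an added example and not part of the original answer; the parameter `mode`, the names `accountName`, `vnetName`, `subnetName` and the existing VNet/subnet are assumptions, and the template assumes the Core (SQL) API.

```bicep
// Added example: Cosmos DB reachable from an existing subnet via either option.
// 'ServiceEndpoint' = option 1 (public endpoint + firewall rule for the subnet).
// 'PrivateLink'     = option 2 (private IP in the subnet, public endpoint closed).
@allowed([ 'ServiceEndpoint', 'PrivateLink' ])
param mode string = 'ServiceEndpoint'
param accountName string        // assumed: your account name
param vnetName string           // assumed: your existing VNet
param subnetName string         // assumed: subnet the clients live in
param location string = resourceGroup().location

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnetName
}
// Option 1 requires this subnet to carry the 'Microsoft.AzureCosmosDB'
// service endpoint; option 2 requires private endpoint network policies
// to be disabled on it (the default for newly created subnets).
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: vnet
  name: subnetName
}

resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
  name: accountName
  location: location
  kind: 'GlobalDocumentDB'
  properties: {
    databaseAccountOfferType: 'Standard'
    locations: [ { locationName: location, failoverPriority: 0 } ]
    // Option 1: the account keeps its public endpoint; the firewall admits
    // only traffic that arrives tagged as coming from this subnet.
    isVirtualNetworkFilterEnabled: mode == 'ServiceEndpoint'
    virtualNetworkRules: mode == 'ServiceEndpoint' ? [ { id: subnet.id, ignoreMissingVNetServiceEndpoint: false } ] : []
    // Option 2: refuse everything on the public endpoint, so the private IP
    // below becomes the only way in.
    publicNetworkAccess: mode == 'PrivateLink' ? 'Disabled' : 'Enabled'
  }
}

// Option 2: the private endpoint that places a NIC with a private IP for the
// account inside the existing subnet, so traffic never leaves the VNet.
resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = if (mode == 'PrivateLink') {
  name: '${accountName}-pe'
  location: location
  properties: {
    subnet: { id: subnet.id }
    privateLinkServiceConnections: [ {
      name: '${accountName}-plsc'
      properties: { privateLinkServiceId: cosmos.id, groupIds: [ 'Sql' ] }
    } ]
  }
}
```

With option 2, clients inside the VNet still need the account hostname to resolve to the private IP, which is normally done with a `privatelink.documents.azure.com` private DNS zone linked to the VNet (not included above).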