Azure Cosmos - Support for compulsory Role Based Authentication as the only method

Hi All,
We are using Terraform to deploy Cosmos DB accounts. We have been advised to move to a configuration where all interactions with Cosmos happen via RBAC , i.e. no Account Keys.

Microsoft’s documentation on this subject can be found here.

Terraform’s documentation on Cosmos db can be found here

I am trying to determine which specific attribute in Terraform would allow us to achieve our RBAC objective. I wasn’t very clear from the documentation.


Upon reading further, it appears that the Terraform setting local_authentication_disabled might be the one which matches disableLocalAuth setting in Azure ARM template.

It would be very helpful if somebody from Terraform can attest whether setting the parameter local_authentication_disabled would cause the existing database to be torn down and freshly re-created with this setting.

I am optimistic that it shouldn’t. However, with Analytical Store, we saw this behaviour of tearing down.