Hello,
I have a question regarding azurerm_cosmosdb_account resource, in particular public_network_access_enabled parameter.
What I am doing is I am adding some virtual_network_rule and ip_range_filter. Virtual network is my AKS network, while I am adding IP filter to include Azure Portal IPs.
What happens is that Azure Portal connectivity only works if public_network_access_enabled parameter is set to true. What is the reason behind it? Does it mean that if this parameter is set to false, no public access is allowed, even if IPs are specified in IP filter?
Example of my configuration:
data "azurerm_resource_group" "main" {
  name = var.resource_group_name
}

locals {
  azure_portal_ip_range = [
    "104.42.195.92",
    "40.76.54.131",
    "52.176.6.30",
    "52.169.50.45",
    "52.187.184.26"
  ]
}

resource "azurerm_cosmosdb_account" "cosmosdb" {
  name                              = "${var.deployment_name}-${var.suffix}"
  location                          = data.azurerm_resource_group.main.location
  resource_group_name               = data.azurerm_resource_group.main.name
  offer_type                        = "Standard"
  kind                              = "MongoDB"
  mongo_server_version              = "4.0"
  ip_range_filter                   = join(",", local.azure_portal_ip_range)
  is_virtual_network_filter_enabled = true

  backup {
    type                = "Periodic"
    interval_in_minutes = 1440
    retention_in_hours  = 48
  }

  capabilities {
    name = "EnableMongo"
  }

  consistency_policy {
    consistency_level = "Session"
  }

  geo_location {
    location          = data.azurerm_resource_group.main.location
    failover_priority = 0
  }

  identity {
    type = "SystemAssigned"
  }

  virtual_network_rule {
    id = var.aks_subnet_id
  }

  tags = var.tags
}
Thank you and best regards,
Bostjan