Terraform Script for securing Cosmosdb in the subnet

Hi All Senior Gurus ,
Terraform is new for me . I want to create a cosmosdb and Azure App service .
[i] I only want my Cosmosdb to be in the subnet of Vnet and App service outside of Vnet .
[ii] Only App service can contact my Cosmosdb in the subnet .

Solution I’m thinking to implement this :
I’ve created Vnet , Subnet , App service and Cosmosdb .

Issue I’m facing :
How to create service end point so that only App service can access my Cosmosdb in the subnet.

Please guide me :pray: . I couldn’t find much help from documentation .

Regards
A Terraform learner .

You can navigate to app services and select your app service, Then go to Settings → Networking, Copy all outbound IP Addresses, and in cosmos DB terraform resource use that IP addresses as described below.

resource "azurerm_cosmosdb_account" "db" {
...
ip_range_filter = "list_of_ips_you_copied"
...
}

Hope This helps.