Verwalten von Ressourcen für Azure Cosmos DB for NoSQL mit Terraform


In diesem Artikel erfahren Sie, wie Sie Ihre Azure Cosmos DB-Konten, -Datenbanken und -Container mithilfe von Terraform bereitstellen und verwalten.

In diesem Artikel werden Terraform-Beispiele für NoSQL-Konten gezeigt.


  • Die Länge von Kontonamen ist auf 44 Zeichen (ausschließlich Kleinbuchstaben) beschränkt.
  • Sie müssen die Terraform-Datei mit einer aktualisierten Angabe der RU/s erneut bereitstellen, um die Durchsatzwerte (RU/s) ändern zu können.
  • Wenn Sie einem Azure Cosmos-Konto Speicherorte hinzufügen oder aus ihm entfernen, können Sie nicht gleichzeitig andere Eigenschaften ändern. Diese Vorgänge müssen separat ausgeführt werden.
  • Wenn Sie Durchsatz auf Datenbankebene bereitstellen und für alle Container freigeben möchten, wenden Sie die Durchsatzwerte auf die Eigenschaft „Datenbankoptionen“ an.

Um eine der folgenden Azure Cosmos DB-Ressourcen zu erstellen, kopieren Sie das Beispiel in eine neue Terraform-Datei ( oder alternativ zwei separate Dateien für Ressourcen ( und Variablen ( Achten Sie darauf, den AzureRM-Anbieter entweder in die Haupt-Terraform-Datei einzuschließen oder in einer separaten Anbieterdatei unterzubringen. Alle Beispiele finden Sie im Terraform-Beispielrepository.

terraform {
  required_version = ">= 1.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0, < 4.0"
    random = {
      source  = "hashicorp/random"
      version = ">= 3.0"

provider "azurerm" {
  features {
    resource_group {
      prevent_deletion_if_contains_resources = false

Azure Cosmos-Konto mit automatisch skaliertem Durchsatz

Erstellt ein Azure Cosmos-Konto in zwei Regionen mit Optionen für Konsistenz und Failover, wobei Datenbank und Container für den automatisch skalierten Durchsatz konfiguriert und die meisten Optionen für Indexrichtlinien aktiviert sind

resource "azurerm_resource_group" "example" {
  name     = "${}-rg"
  location = var.location

resource "random_string" "db_account_name" {
  count = var.cosmosdb_account_name == null ? 1 : 0

  length  = 20
  upper   = false
  special = false
  numeric = false

locals {
  cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)

resource "azurerm_cosmosdb_account" "example" {
  name                      = local.cosmosdb_account_name
  location                  = var.cosmosdb_account_location
  resource_group_name       =
  offer_type                = "Standard"
  kind                      = "GlobalDocumentDB"
  enable_automatic_failover = false
  geo_location {
    location          = var.location
    failover_priority = 0
  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000
  depends_on = [

resource "azurerm_cosmosdb_sql_database" "main" {
  name                = var.cosmosdb_sqldb_name
  resource_group_name =
  account_name        =
  autoscale_settings {
    max_throughput = var.max_throughput

resource "azurerm_cosmosdb_sql_container" "example" {
  name                  = var.sql_container_name
  resource_group_name   =
  account_name          =
  database_name         =
  partition_key_path    = "/definition/id"
  partition_key_version = 1
  autoscale_settings {
    max_throughput = var.max_throughput

  indexing_policy {
    indexing_mode = "consistent"

    included_path {
      path = "/*"

    included_path {
      path = "/included/?"

    excluded_path {
      path = "/excluded/?"

  unique_key {
    paths = ["/definition/idlong", "/definition/idshort"]

resource "random_pet" "prefix" {
  prefix = var.prefix
  length = 1

variable "prefix" {
  type        = string
  default     = "cosmos-db-autoscale"
  description = "Prefix of the resource name"

variable "location" {
  type        = string
  default     = "North Europe"
  description = "Resource group location"

variable "cosmosdb_account_name" {
  type        = string
  default     = null
  description = "Cosmos db account name"

variable "cosmosdb_account_location" {
  type        = string
  default     = "North Europe"
  description = "Cosmos db account location"

variable "cosmosdb_sqldb_name" {
  type        = string
  default     = "default-cosmosdb-sqldb"
  description = "value"

variable "sql_container_name" {
  type        = string
  default     = "default-sql-container"
  description = "SQL API container name."

variable "max_throughput" {
  type        = number
  default     = 4000
  description = "Cosmos db database max throughput"
  validation {
    condition     = var.max_throughput >= 4000 && var.max_throughput <= 1000000
    error_message = "Cosmos db autoscale max throughput should be equal to or greater than 4000 and less than or equal to 1000000."
  validation {
    condition     = var.max_throughput % 100 == 0
    error_message = "Cosmos db max throughput should be in increments of 100."

Azure Cosmos-Konto mit Analysespeicher

Erstellt ein Azure Cosmos-Konto in einer Region mit einem Container mit aktivierter analytischer Gültigkeitsdauer und Optionen für die manuelle oder automatische Skalierung des Durchsatzes

resource "azurerm_resource_group" "example" {
  name     = "${}-rg"
  location = var.location

resource "random_string" "db_account_name" {
  count = var.cosmosdb_account_name == null ? 1 : 0

  length  = 20
  upper   = false
  special = false
  numeric = false

locals {
  cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)

resource "azurerm_cosmosdb_account" "example" {
  name                       = local.cosmosdb_account_name
  location                   = var.cosmosdb_account_location
  resource_group_name        =
  offer_type                 = "Standard"
  kind                       = "GlobalDocumentDB"
  enable_automatic_failover  = false
  analytical_storage_enabled = true
  geo_location {
    location          = var.location
    failover_priority = 0

  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000

  depends_on = [

resource "azurerm_cosmosdb_sql_database" "example" {
  name                = var.cosmosdb_sqldb_name
  resource_group_name =
  account_name        =
  throughput          = var.throughput

resource "azurerm_cosmosdb_sql_container" "main" {
  name                   = var.sql_container_name
  resource_group_name    =
  account_name           =
  database_name          =
  partition_key_path     = "/definition/id"
  partition_key_version  = 1
  throughput             = 400
  analytical_storage_ttl = var.analytical_storage_ttl

  indexing_policy {
    indexing_mode = "consistent"

    included_path {
      path = "/*"

    included_path {
      path = "/included/?"

    excluded_path {
      path = "/excluded/?"

  unique_key {
    paths = ["/definition/idlong", "/definition/idshort"]

resource "random_pet" "random_prefix" {
  prefix = var.name_prefix

variable "name_prefix" {
  type        = string
  default     = "101-cosmos-db-analyticalstore"
  description = "Prefix for resource group name"

variable "location" {
  type        = string
  default     = "westus"
  description = "Resource group location"

variable "cosmosdb_account_name" {
  type        = string
  default     = null
  description = "Cosmos db account name"

variable "cosmosdb_account_location" {
  type        = string
  default     = "westus"
  description = "Cosmos db account location"

variable "cosmosdb_sqldb_name" {
  type        = string
  default     = "default-sqldb-name"
  description = "value"

variable "throughput" {
  type        = number
  default     = 400
  description = "Cosmos db database throughput"
  validation {
    condition     = var.throughput >= 400 && var.throughput <= 1000000
    error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
  validation {
    condition     = var.throughput % 100 == 0
    error_message = "Cosmos db throughput should be in increments of 100."

variable "sql_container_name" {
  type        = string
  default     = "default-sql-container-name"
  description = "SQL API container name."

variable "analytical_storage_ttl" {
  type        = number
  default     = -1
  description = "Analytical Storage TTL in seconds."

Azure Cosmos-Konto mit standardmäßig bereitgestelltem Durchsatz

Erstellt ein Azure Cosmos-Konto in zwei Regionen mit Optionen für Konsistenz und Failover, wobei Datenbank und Container für den Standarddurchsatz konfiguriert sind, für den die meisten Richtlinienoptionen aktiviert sind

resource "azurerm_resource_group" "example" {
  name     = "${}-rg"
  location = var.location

resource "azurerm_cosmosdb_account" "example" {
  name                      = "${}-cosmosdb"
  location                  = var.cosmosdb_account_location
  resource_group_name       =
  offer_type                = "Standard"
  kind                      = "GlobalDocumentDB"
  enable_automatic_failover = false
  geo_location {
    location          = var.location
    failover_priority = 0
  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000
  depends_on = [

resource "azurerm_cosmosdb_sql_database" "main" {
  name                = "${}-sqldb"
  resource_group_name =
  account_name        =
  throughput          = var.throughput

resource "azurerm_cosmosdb_sql_container" "example" {
  name                  = "${}-sql-container"
  resource_group_name   =
  account_name          =
  database_name         =
  partition_key_path    = "/definition/id"
  partition_key_version = 1
  throughput            = var.throughput

  indexing_policy {
    indexing_mode = "consistent"

    included_path {
      path = "/*"

    included_path {
      path = "/included/?"

    excluded_path {
      path = "/excluded/?"

  unique_key {
    paths = ["/definition/idlong", "/definition/idshort"]

resource "random_pet" "prefix" {
  prefix = var.prefix
  length = 1

variable "prefix" {
  type        = string
  default     = "cosmosdb-manualscale"
  description = "Prefix of the resource name"

variable "location" {
  type        = string
  default     = "Canada Central"
  description = "Resource group location"

variable "cosmosdb_account_location" {
  type        = string
  default     = "Canada Central"
  description = "Cosmos db account location"

variable "throughput" {
  type        = number
  default     = 400
  description = "Cosmos db database throughput"
  validation {
    condition     = var.throughput >= 400 && var.throughput <= 1000000
    error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
  validation {
    condition     = var.throughput % 100 == 0
    error_message = "Cosmos db throughput should be in increments of 100."

Azure Cosmos DB-Container mit serverseitiger Funktionalität

Erstellt ein Azure Cosmos-Konto, eine Datenbank und einen Container mit einer gespeicherten Prozedur, einem Trigger und einer benutzerdefinierten Funktion.

resource "azurerm_resource_group" "example" {
  name     = "${}-rg"
  location = var.location

resource "azurerm_cosmosdb_account" "example" {
  name                      = "${}-cosmosdb"
  location                  = var.cosmosdb_account_location
  resource_group_name       =
  offer_type                = "Standard"
  kind                      = "GlobalDocumentDB"
  enable_automatic_failover = false
  geo_location {
    location          = var.location
    failover_priority = 0

  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000

  depends_on = [

resource "azurerm_cosmosdb_sql_database" "main" {
  name                = "${}-sqldb"
  resource_group_name =
  account_name        =
  throughput          = var.throughput

resource "azurerm_cosmosdb_sql_container" "example" {
  name                  = "${}-sql-container"
  resource_group_name   =
  account_name          =
  database_name         =
  partition_key_path    = "/definition/id"
  partition_key_version = 1
  throughput            = 400

  indexing_policy {
    indexing_mode = "consistent"

    included_path {
      path = "/*"

    included_path {
      path = "/included/?"

    excluded_path {
      path = "/excluded/?"

  unique_key {
    paths = ["/definition/idlong", "/definition/idshort"]

resource "azurerm_cosmosdb_sql_stored_procedure" "example" {
  name                = "${}-sql-stored-procedure"
  resource_group_name =
  account_name        =
  database_name       =
  container_name      =
  body                = "function () { var context = getContext(); var response = context.getResponse(); response.setBody('Hello, World'); }"

resource "azurerm_cosmosdb_sql_trigger" "example" {
  name         = "${}-sql-trigger"
  container_id =
  body         = "function validateToDoItemTimestamp(){var context=getContext();var request=context.getRequest();var itemToCreate=request.getBody();if(!('timestamp'in itemToCreate)){var ts=new Date();itemToCreate['timestamp']=ts.getTime();}request.setBody(itemToCreate);}"
  operation    = "Create"
  type         = "Pre"

resource "azurerm_cosmosdb_sql_function" "example" {
  name         = "${}-sql-function"
  container_id =
  body         = "function tax(income){if(income==undefined)throw'no input';if(income<1000)return income*0.1;else if(income<10000)return income*0.2;else return income*0.4;}"

resource "random_pet" "prefix" {
  prefix = var.prefix
  length = 1

variable "prefix" {
  type        = string
  default     = "cosmos-db-ss-func"
  description = "Prefix of the resource name"

variable "location" {
  type        = string
  default     = "Central US"
  description = "Resource group location"

variable "cosmosdb_account_location" {
  type        = string
  default     = "eastus"
  description = "Cosmos db account location"

variable "throughput" {
  type        = number
  default     = 400
  description = "Cosmos db database throughput"
  validation {
    condition     = var.throughput >= 400 && var.throughput <= 1000000
    error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
  validation {
    condition     = var.throughput % 100 == 0
    error_message = "Cosmos db throughput should be in increments of 100."

Azure Cosmos DB Konto mit Microsoft Entra ID und rollenbasierter Zugriffssteuerung

Erstellt ein Azure Cosmos-Konto, eine nativ verwaltete Rollendefinition und eine nativ verwaltete Rollenzuweisung für eine Microsoft Entra-Identität.

data "azurerm_client_config" "current" {}

locals {
  current_user_object_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)

resource "azurerm_resource_group" "example" {
  name     = "${}-rg"
  location = var.location

resource "random_string" "db_account_name" {
  count = var.cosmosdb_account_name == null ? 1 : 0

  length  = 20
  upper   = false
  special = false
  numeric = false

locals {
  cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)

resource "azurerm_cosmosdb_account" "example" {
  name                      = local.cosmosdb_account_name
  location                  = var.cosmosdb_account_location
  resource_group_name       =
  offer_type                = "Standard"
  kind                      = "GlobalDocumentDB"
  enable_automatic_failover = false
  geo_location {
    location          = var.location
    failover_priority = 0

  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000

  depends_on = [

resource "azurerm_cosmosdb_sql_database" "example" {
  name                = var.cosmosdb_sqldb_name
  resource_group_name =
  account_name        =
  throughput          = var.throughput

resource "azurerm_cosmosdb_sql_container" "example" {
  name                  = var.sql_container_name
  resource_group_name   =
  account_name          =
  database_name         =
  partition_key_path    = "/definition/id"
  partition_key_version = 1
  throughput            = 400

  indexing_policy {
    indexing_mode = "consistent"

    included_path {
      path = "/*"

    included_path {
      path = "/included/?"

    excluded_path {
      path = "/excluded/?"

  unique_key {
    paths = ["/definition/idlong", "/definition/idshort"]

resource "azurerm_cosmosdb_sql_role_definition" "example" {
  name                = "examplesqlroledef"
  resource_group_name =
  account_name        =
  type                = "CustomRole"
  assignable_scopes   = [

  permissions {
    data_actions = ["Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"]

resource "azurerm_cosmosdb_sql_role_assignment" "example" {
  resource_group_name =
  account_name        =
  role_definition_id  =
  principal_id        = local.current_user_object_id
  scope               = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${}/providers/Microsoft.DocumentDB/databaseAccounts/${}"

resource "random_pet" "prefix" {
  prefix = var.name_prefix

variable "name_prefix" {
  type        = string
  default     = "101-cosmos-db-aad-rbac"
  description = "Prefix for resource group name"

variable "location" {
  type        = string
  default     = "westus"
  description = "Resource group location"

variable "cosmosdb_account_name" {
  type        = string
  default     = null
  description = "Cosmos db account name"

variable "cosmosdb_account_location" {
  type        = string
  default     = "westus"
  description = "Cosmos db account location"

variable "cosmosdb_sqldb_name" {
  type        = string
  default     = "default-sqldb-name"
  description = "value"

variable "msi_id" {
  type        = string
  default     = null
  description = "If you're executing the test with user assigned identity, please pass the identity principal id to this variable."

variable "throughput" {
  type        = number
  default     = 400
  description = "Cosmos db database throughput"
  validation {
    condition     = var.throughput >= 400 && var.throughput <= 1000000
    error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
  validation {
    condition     = var.throughput % 100 == 0
    error_message = "Cosmos db throughput should be in increments of 100."

variable "sql_container_name" {
  type        = string
  default     = "default-sql-container-name"
  description = "SQL API container name."

Azure Cosmos DB-Konto im Free-Tarif

Erstellt ein Azure Cosmos-Konto im Free-Tarif und eine Datenbank mit gemeinsam genutztem Durchsatz, der von bis zu 25 Containern verwendet werden kann

resource "azurerm_resource_group" "example" {
  name     = "${}-rg"
  location = var.location

resource "azurerm_cosmosdb_account" "example" {
  name                      =
  location                  = var.cosmosdb_account_location
  resource_group_name       =
  offer_type                = "Standard"
  kind                      = "GlobalDocumentDB"
  enable_automatic_failover = false
  enable_free_tier          = true
  geo_location {
    location          = var.location
    failover_priority = 0
  consistency_policy {
    consistency_level       = "BoundedStaleness"
    max_interval_in_seconds = 300
    max_staleness_prefix    = 100000
  depends_on = [

resource "azurerm_cosmosdb_sql_database" "main" {
  name                = "${}-cosmosdb-sqldb"
  resource_group_name =
  account_name        =
  throughput          = var.throughput

resource "azurerm_cosmosdb_sql_container" "example" {
  name                  = "${}-sql-container"
  resource_group_name   =
  account_name          =
  database_name         =
  partition_key_path    = "/definition/id"
  partition_key_version = 1
  throughput            = var.throughput

  indexing_policy {
    indexing_mode = "consistent"

    included_path {
      path = "/*"

    included_path {
      path = "/included/?"

    excluded_path {
      path = "/excluded/?"

  unique_key {
    paths = ["/definition/idlong", "/definition/idshort"]

resource "random_pet" "prefix" {
  prefix = var.prefix
  length = 1

variable "prefix" {
  type        = string
  default     = "cosmos-db-free-tier"
  description = "Prefix of the resource name"

variable "location" {
  type        = string
  default     = "Switzerland North"
  description = "Resource group location"

variable "cosmosdb_account_location" {
  type        = string
  default     = "Switzerland North"
  description = "Cosmos db account location"

variable "throughput" {
  type        = number
  default     = 400
  description = "Cosmos db database throughput"
  validation {
    condition     = var.throughput >= 400 && var.throughput <= 1000000
    error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
  validation {
    condition     = var.throughput % 100 == 0
    error_message = "Cosmos db throughput should be in increments of 100."

Nächste Schritte

