Mengelola Azure Cosmos DB untuk sumber daya NoSQL dengan terraform
BERLAKU UNTUK: 
NoSQL
Dalam artikel ini, Anda mempelajari cara menggunakan terraform untuk menyebarkan dan mengelola akun, database, dan kontainer Azure Cosmos DB Anda.
Artikel ini memperlihatkan sampel terraform untuk akun NoSQL.
Penting
- Nama akun dibatasi hingga 44 karakter, semuanya huruf kecil.
- Untuk mengubah nilai throughput (RU/s), sebarkan ulang file terraform dengan RU/s yang diperbarui.
- Saat Anda menambahkan atau menghapus lokasi ke akun Azure Cosmos, Anda tidak dapat mengubah properti lain secara bersamaan. Operasi ini harus dilakukan secara terpisah.
- Untuk menyediakan throughput di tingkat database dan berbagi di semua kontainer, terapkan nilai throughput ke properti opsi database.
Untuk membuat salah satu sumber daya Azure Cosmos DB di bawah ini, salin contoh ke dalam file terraform baru (main.tf) atau sebagai alternatif, memiliki dua file terpisah untuk sumber daya (main.tf) dan variabel (variables.tf). Pastikan untuk menyertakan penyedia azurerm baik dalam file terraform utama atau pisahkan ke file penyedia terpisah. Semua contoh dapat ditemukan di repositori sampel terraform.
terraform {
required_version = ">= 1.0"
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = ">= 3.0, < 4.0"
}
random = {
source = "hashicorp/random"
version = ">= 3.0"
}
}
}
provider "azurerm" {
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
Akun Azure Cosmos dengan throughput skala otomatis
Buat akun Azure Cosmos di dua wilayah dengan opsi untuk konsistensi dan failover, dengan database dan kontainer yang dikonfigurasi untuk throughput skala otomatis yang mengaktifkan sebagian besar opsi kebijakan.
main.tf
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
}
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
}
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
}
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "main" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
autoscale_settings {
max_throughput = var.max_throughput
}
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
autoscale_settings {
max_throughput = var.max_throughput
}
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
}
variables.tf
variable "prefix" {
type = string
default = "cosmos-db-autoscale"
description = "Prefix of the resource name"
}
variable "location" {
type = string
default = "North Europe"
description = "Resource group location"
}
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
}
variable "cosmosdb_account_location" {
type = string
default = "North Europe"
description = "Cosmos db account location"
}
variable "cosmosdb_sqldb_name" {
type = string
default = "default-cosmosdb-sqldb"
description = "value"
}
variable "sql_container_name" {
type = string
default = "default-sql-container"
description = "SQL API container name."
}
variable "max_throughput" {
type = number
default = 4000
description = "Cosmos db database max throughput"
validation {
condition = var.max_throughput >= 4000 && var.max_throughput <= 1000000
error_message = "Cosmos db autoscale max throughput should be equal to or greater than 4000 and less than or equal to 1000000."
}
validation {
condition = var.max_throughput % 100 == 0
error_message = "Cosmos db max throughput should be in increments of 100."
}
}
Akun Azure Cosmos dengan penyimpanan analitis
Buat akun Azure Cosmos di satu wilayah dengan kontainer dengan Analytical TTL diaktifkan dan opsi untuk throughput manual atau skala otomatis.
main.tf
resource "azurerm_resource_group" "example" {
name = "${random_pet.random_prefix.id}-rg"
location = var.location
}
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
}
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
}
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
analytical_storage_enabled = true
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "main" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
analytical_storage_ttl = var.analytical_storage_ttl
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "random_pet" "random_prefix" {
prefix = var.name_prefix
}
variables.tf
variable "name_prefix" {
type = string
default = "101-cosmos-db-analyticalstore"
description = "Prefix for resource group name"
}
variable "location" {
type = string
default = "westus"
description = "Resource group location"
}
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
}
variable "cosmosdb_account_location" {
type = string
default = "westus"
description = "Cosmos db account location"
}
variable "cosmosdb_sqldb_name" {
type = string
default = "default-sqldb-name"
description = "value"
}
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
variable "sql_container_name" {
type = string
default = "default-sql-container-name"
description = "SQL API container name."
}
variable "analytical_storage_ttl" {
type = number
default = -1
description = "Analytical Storage TTL in seconds."
}
Akun Azure Cosmos dengan throughput yang diprovisikan standar
Buat akun Azure Cosmos di dua wilayah dengan opsi untuk konsistensi dan failover, dengan database dan kontainer yang dikonfigurasi untuk throughput standar yang sebagian besar opsi kebijakannya diaktifkan.
main.tf
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = "${random_pet.prefix.id}-cosmosdb"
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
}
variables.tf
variable "prefix" {
type = string
default = "cosmosdb-manualscale"
description = "Prefix of the resource name"
}
variable "location" {
type = string
default = "Canada Central"
description = "Resource group location"
}
variable "cosmosdb_account_location" {
type = string
default = "Canada Central"
description = "Cosmos db account location"
}
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
Kontainer Azure Cosmos DB dengan fungsionalitas sisi server
Buat akun, database, dan kontainer Azure Cosmos dengan prosedur tersimpan, pemicu, dan fungsi yang ditentukan pengguna.
main.tf
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = "${random_pet.prefix.id}-cosmosdb"
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "azurerm_cosmosdb_sql_stored_procedure" "example" {
name = "${random_pet.prefix.id}-sql-stored-procedure"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
container_name = azurerm_cosmosdb_sql_container.example.name
body = "function () { var context = getContext(); var response = context.getResponse(); response.setBody('Hello, World'); }"
}
resource "azurerm_cosmosdb_sql_trigger" "example" {
name = "${random_pet.prefix.id}-sql-trigger"
container_id = azurerm_cosmosdb_sql_container.example.id
body = "function validateToDoItemTimestamp(){var context=getContext();var request=context.getRequest();var itemToCreate=request.getBody();if(!('timestamp'in itemToCreate)){var ts=new Date();itemToCreate['timestamp']=ts.getTime();}request.setBody(itemToCreate);}"
operation = "Create"
type = "Pre"
}
resource "azurerm_cosmosdb_sql_function" "example" {
name = "${random_pet.prefix.id}-sql-function"
container_id = azurerm_cosmosdb_sql_container.example.id
body = "function tax(income){if(income==undefined)throw'no input';if(income<1000)return income*0.1;else if(income<10000)return income*0.2;else return income*0.4;}"
}
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
}
variables.tf
variable "prefix" {
type = string
default = "cosmos-db-ss-func"
description = "Prefix of the resource name"
}
variable "location" {
type = string
default = "Central US"
description = "Resource group location"
}
variable "cosmosdb_account_location" {
type = string
default = "eastus"
description = "Cosmos db account location"
}
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
Akun Azure Cosmos DB dengan ID Microsoft Entra dan kontrol akses berbasis peran
Buat akun Azure Cosmos, Definisi Peran yang dikelola secara asli, dan Penetapan Peran yang dikelola secara asli untuk identitas Microsoft Entra.
main.tf
data "azurerm_client_config" "current" {}
locals {
current_user_object_id = coalesce(var.msi_id, data.azurerm_client_config.current.object_id)
}
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
}
resource "random_string" "db_account_name" {
count = var.cosmosdb_account_name == null ? 1 : 0
length = 20
upper = false
special = false
numeric = false
}
locals {
cosmosdb_account_name = try(random_string.db_account_name[0].result, var.cosmosdb_account_name)
}
resource "azurerm_cosmosdb_account" "example" {
name = local.cosmosdb_account_name
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "example" {
name = var.cosmosdb_sqldb_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = var.sql_container_name
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.example.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = 400
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "azurerm_cosmosdb_sql_role_definition" "example" {
name = "examplesqlroledef"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
type = "CustomRole"
assignable_scopes = [
"/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.example.name}"
]
permissions {
data_actions = ["Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read"]
}
}
resource "azurerm_cosmosdb_sql_role_assignment" "example" {
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
role_definition_id = azurerm_cosmosdb_sql_role_definition.example.id
principal_id = local.current_user_object_id
scope = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${azurerm_resource_group.example.name}/providers/Microsoft.DocumentDB/databaseAccounts/${azurerm_cosmosdb_account.example.name}"
}
resource "random_pet" "prefix" {
prefix = var.name_prefix
}
variables.tf
variable "name_prefix" {
type = string
default = "101-cosmos-db-aad-rbac"
description = "Prefix for resource group name"
}
variable "location" {
type = string
default = "westus"
description = "Resource group location"
}
variable "cosmosdb_account_name" {
type = string
default = null
description = "Cosmos db account name"
}
variable "cosmosdb_account_location" {
type = string
default = "westus"
description = "Cosmos db account location"
}
variable "cosmosdb_sqldb_name" {
type = string
default = "default-sqldb-name"
description = "value"
}
variable "msi_id" {
type = string
default = null
description = "If you're executing the test with user assigned identity, please pass the identity principal id to this variable."
}
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
variable "sql_container_name" {
type = string
default = "default-sql-container-name"
description = "SQL API container name."
}
Akun Azure Cosmos DB tingkat gratis
Buat akun Azure Cosmos tingkat gratis dan database dengan throughput bersama yang dapat dibagikan hingga ke 25 kontainer.
main.tf
resource "azurerm_resource_group" "example" {
name = "${random_pet.prefix.id}-rg"
location = var.location
}
resource "azurerm_cosmosdb_account" "example" {
name = random_pet.prefix.id
location = var.cosmosdb_account_location
resource_group_name = azurerm_resource_group.example.name
offer_type = "Standard"
kind = "GlobalDocumentDB"
enable_automatic_failover = false
enable_free_tier = true
geo_location {
location = var.location
failover_priority = 0
}
consistency_policy {
consistency_level = "BoundedStaleness"
max_interval_in_seconds = 300
max_staleness_prefix = 100000
}
depends_on = [
azurerm_resource_group.example
]
}
resource "azurerm_cosmosdb_sql_database" "main" {
name = "${random_pet.prefix.id}-cosmosdb-sqldb"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
throughput = var.throughput
}
resource "azurerm_cosmosdb_sql_container" "example" {
name = "${random_pet.prefix.id}-sql-container"
resource_group_name = azurerm_resource_group.example.name
account_name = azurerm_cosmosdb_account.example.name
database_name = azurerm_cosmosdb_sql_database.main.name
partition_key_path = "/definition/id"
partition_key_version = 1
throughput = var.throughput
indexing_policy {
indexing_mode = "consistent"
included_path {
path = "/*"
}
included_path {
path = "/included/?"
}
excluded_path {
path = "/excluded/?"
}
}
unique_key {
paths = ["/definition/idlong", "/definition/idshort"]
}
}
resource "random_pet" "prefix" {
prefix = var.prefix
length = 1
}
variables.tf
variable "prefix" {
type = string
default = "cosmos-db-free-tier"
description = "Prefix of the resource name"
}
variable "location" {
type = string
default = "Switzerland North"
description = "Resource group location"
}
variable "cosmosdb_account_location" {
type = string
default = "Switzerland North"
description = "Cosmos db account location"
}
variable "throughput" {
type = number
default = 400
description = "Cosmos db database throughput"
validation {
condition = var.throughput >= 400 && var.throughput <= 1000000
error_message = "Cosmos db manual throughput should be equal to or greater than 400 and less than or equal to 1000000."
}
validation {
condition = var.throughput % 100 == 0
error_message = "Cosmos db throughput should be in increments of 100."
}
}
Langkah berikutnya
Berikut adalah beberapa sumber daya lainnya: