
Add more security to an Azure CosmosDB Account.

We can programmatically access Azure Cosmos DB resources to create, query, and delete databases, document collections, and documents via the REST API. To perform operations on Azure Cosmos DB resources, you send HTTPS requests with the appropriate method (GET, POST, PUT, or DELETE) to a CosmosDB endpoint.

We frequently build architectures with centralized access to a persistence layer, so we do not want other applications to access this layer directly.

Suppose we have the following hypothetical scenario (see Figure 1):


Figure 1. Hypothetical Scenario

Only the Web API service with IP1 is allowed to establish connections to the CosmosDB endpoint. The other elements, shown as Application, are not allowed. By default, our CosmosDB resource has the following configuration (see Figure 2) in the Firewall and Virtual Networks option.

Figure 2. Default Configuration


To show how this feature works, we are going to create a Web API with a single function (route) that retrieves some information from a CosmosDB collection. We won't create a web application; for our purposes, a Web API with Swagger UI is enough to show the functionality (see Figure 3).



Figure 3. WEB API running in localhost

Without firewall rules, we can retrieve data from the CosmosDB collection from a REST API hosted on our development laptop (see Figure 4).

Figure 4. Retrieving data from CosmosDB Collection

Now we are going to allow access only from public Azure datacenters and from the Azure Portal.

Figure 5. Allow Access only from Azure

If we try to retrieve data from the CosmosDB collection again, we get an error message (see Figure 6).

Figure 6. Error Message

We are still allowed to retrieve data from a Web API hosted inside Azure (see Figure 7).

Figure 7. Access from Azure 

Figures 6 and 7 show that, even without knowing anything about virtual networks, we can add IP addresses or ranges in the Firewall and Virtual Networks option to limit and control access to our CosmosDB resources.
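The three configurations walked through above (default, Azure-only, and the Figure 1 goal of IP1 only) can be compared offline with a small rule evaluator. This is an added example, not code from the original post: it assumes the account's rules are supplied as a list of `ipAddressOrRange` entries, that `0.0.0.0` stands for the public Azure datacenters option, and all addresses are constructed; the Azure Portal addresses from Figure 5 are left out.

```python
import ipaddress

# Special firewall value: "accept connections from within public Azure datacenters".
AZURE_DATACENTERS = "0.0.0.0"

def decide(client_ip, ip_rules):
    """Return 'allow', 'deny' or 'allow-if-azure' for client_ip under ip_rules."""
    if not ip_rules:
        return "allow"  # no rules: the default "all networks" configuration
    addr = ipaddress.ip_address(client_ip)
    azure_allowed = False
    for rule in ip_rules:
        value = rule["ipAddressOrRange"]
        if value == AZURE_DATACENTERS:
            azure_allowed = True
        elif addr in ipaddress.ip_network(value, strict=False):
            return "allow"
    # Azure's datacenter ranges are not modelled here, so report the condition.
    return "allow-if-azure" if azure_allowed else "deny"

def audit(ip_rules, max_addresses=16):
    """List rule-set weaknesses a reviewer would want to see."""
    if not ip_rules:
        return ["no IP rules: endpoint reachable from any network"]
    findings = []
    for rule in ip_rules:
        value = rule["ipAddressOrRange"]
        if value == AZURE_DATACENTERS:
            findings.append("0.0.0.0: any Azure-hosted client passes, "
                            "including other subscriptions")
        elif ipaddress.ip_network(value, strict=False).num_addresses > max_addresses:
            findings.append(f"{value}: range wider than {max_addresses} addresses")
    return findings

# Constructed rule sets (documentation-range addresses, not real ones).
DEFAULT = []                                        # Figure 2: default configuration
AZURE_ONLY = [{"ipAddressOrRange": "0.0.0.0"}]      # Figure 5: Azure datacenters
IP1_ONLY = [{"ipAddressOrRange": "203.0.113.10"}]   # Figure 1: only the Web API (IP1)
LAPTOP = "198.51.100.7"                             # development laptop

if __name__ == "__main__":
    for name, rules in [("default", DEFAULT), ("azure-only", AZURE_ONLY),
                        ("ip1-only", IP1_ONLY)]:
        print(name, decide(LAPTOP, rules), audit(rules))
```

The Azure-only setting blocks the laptop but still admits any client hosted in Azure, so the Figure 1 scenario is only met once the rule set is narrowed to IP1 itself.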

Bye !!!!
