Manage Azure Cosmos DB for NoSQL resources with Bicep
APPLIES TO: NoSQL
In this article, you learn how to use Bicep to deploy and manage your Azure Cosmos DB accounts, databases, and containers.
This article shows Bicep samples for API for NoSQL accounts. You can also find Bicep samples for Cassandra, Gremlin, MongoDB, and Table APIs.
Important
- Account names are limited to 44 characters, all lowercase.
- To change the throughput (RU/s) values, redeploy the Bicep file with updated RU/s.
- When you add or remove locations to an Azure Cosmos DB account, you can't simultaneously modify other properties. These operations must be done separately.
- To provision throughput at the database level and share across all containers, apply the throughput values to the database options property.
To create any of the Azure Cosmos DB resources below, copy the following example into a new bicep file. You can optionally create a parameters file to use when deploying multiple instances of the same resource with different names and values. There are many ways to deploy Azure Bicep files including, Azure CLI, and Azure PowerShell.
Azure Cosmos DB account with autoscale throughput
Create an Azure Cosmos DB account in two regions with options for consistency and failover, with database and container configured for autoscale throughput that has most index policy options enabled.
@description('Cosmos DB account name, max length 44 characters, lowercase')
param accountName string = 'sql-${uniqueString(resourceGroup().id)}'
@description('Location for the Cosmos DB account.')
param location string = resourceGroup().location
@description('The primary region for the Cosmos DB account.')
param primaryRegion string
@description('The secondary region for the Cosmos DB account.')
param secondaryRegion string
@description('The default consistency level of the Cosmos DB account.')
@allowed([
'Eventual'
'ConsistentPrefix'
'Session'
'BoundedStaleness'
'Strong'
])
param defaultConsistencyLevel string = 'Session'
@description('Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 2147483647. Multi Region: 100000 to 2147483647.')
@minValue(10)
@maxValue(2147483647)
param maxStalenessPrefix int = 100000
@description('Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400.')
@minValue(5)
@maxValue(86400)
param maxIntervalInSeconds int = 300
@description('Enable system managed failover for regions')
param systemManagedFailover bool = true
@description('The name for the database')
param databaseName string
@description('The name for the container')
param containerName string
@description('Maximum autoscale throughput for the container')
@minValue(1000)
@maxValue(1000000)
param autoscaleMaxThroughput int = 1000
var consistencyPolicy = {
Eventual: {
defaultConsistencyLevel: 'Eventual'
}
ConsistentPrefix: {
defaultConsistencyLevel: 'ConsistentPrefix'
}
Session: {
defaultConsistencyLevel: 'Session'
}
BoundedStaleness: {
defaultConsistencyLevel: 'BoundedStaleness'
maxStalenessPrefix: maxStalenessPrefix
maxIntervalInSeconds: maxIntervalInSeconds
}
Strong: {
defaultConsistencyLevel: 'Strong'
}
}
var locations = [
{
locationName: primaryRegion
failoverPriority: 0
isZoneRedundant: false
}
{
locationName: secondaryRegion
failoverPriority: 1
isZoneRedundant: false
}
]
resource account 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' = {
name: toLower(accountName)
kind: 'GlobalDocumentDB'
location: location
properties: {
consistencyPolicy: consistencyPolicy[defaultConsistencyLevel]
locations: locations
databaseAccountOfferType: 'Standard'
enableAutomaticFailover: systemManagedFailover
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
parent: account
name: databaseName
properties: {
resource: {
id: databaseName
}
}
}
resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2022-05-15' = {
parent: database
name: containerName
properties: {
resource: {
id: containerName
partitionKey: {
paths: [
'/myPartitionKey'
]
kind: 'Hash'
}
indexingPolicy: {
indexingMode: 'consistent'
includedPaths: [
{
path: '/*'
}
]
excludedPaths: [
{
path: '/myPathToNotIndex/*'
}
{
path: '/_etag/?'
}
]
compositeIndexes: [
[
{
path: '/name'
order: 'ascending'
}
{
path: '/age'
order: 'descending'
}
]
]
spatialIndexes: [
{
path: '/path/to/geojson/property/?'
types: [
'Point'
'Polygon'
'MultiPolygon'
'LineString'
]
}
]
}
defaultTtl: 86400
uniqueKeyPolicy: {
uniqueKeys: [
{
paths: [
'/phoneNumber'
]
}
]
}
}
options: {
autoscaleSettings: {
maxThroughput: autoscaleMaxThroughput
}
}
}
}
Azure Cosmos DB account with analytical store
Create an Azure Cosmos DB account in one region with a container with Analytical TTL enabled and options for manual or autoscale throughput.
@description('Azure Cosmos DB account name')
param accountName string = 'sql-${uniqueString(resourceGroup().id)}'
@description('Location for the Azure Cosmos DB account.')
param location string = resourceGroup().location
@description('The name for the database')
param databaseName string = 'database1'
@description('The name for the container')
param containerName string = 'container1'
@description('The partition key for the container')
param partitionKeyPath string = '/partitionKey'
@description('The throughput policy for the container')
@allowed([
'Manual'
'Autoscale'
])
param throughputPolicy string = 'Autoscale'
@description('Throughput value when using Manual Throughput Policy for the container')
@minValue(400)
@maxValue(1000000)
param manualProvisionedThroughput int = 400
@description('Maximum throughput when using Autoscale Throughput Policy for the container')
@minValue(1000)
@maxValue(1000000)
param autoscaleMaxThroughput int = 1000
@description('Time to Live for data in analytical store. (-1 no expiry)')
@minValue(-1)
@maxValue(2147483647)
param analyticalStoreTTL int = -1
var locations = [
{
locationName: location
failoverPriority: 0
isZoneRedundant: false
}
]
var throughput_Policy = {
Manual: {
throughput: manualProvisionedThroughput
}
Autoscale: {
autoscaleSettings: {
maxThroughput: autoscaleMaxThroughput
}
}
}
resource account 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' = {
name: toLower(accountName)
location: location
properties: {
consistencyPolicy: {
defaultConsistencyLevel: 'Session'
}
databaseAccountOfferType: 'Standard'
locations: locations
enableAnalyticalStorage: true
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
parent: account
name: databaseName
properties: {
resource: {
id: databaseName
}
}
}
resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2022-05-15' = {
parent: database
name: containerName
properties: {
resource: {
id: containerName
partitionKey: {
paths: [
partitionKeyPath
]
kind: 'Hash'
}
analyticalStorageTtl: analyticalStoreTTL
}
options: throughput_Policy[throughputPolicy]
}
}
Azure Cosmos DB account with standard provisioned throughput
Create an Azure Cosmos DB account in two regions with options for consistency and failover, with database and container configured for standard throughput that has most policy options enabled.
@description('Azure Cosmos DB account name, max length 44 characters')
param accountName string = 'sql-${uniqueString(resourceGroup().id)}'
@description('Location for the Azure Cosmos DB account.')
param location string = resourceGroup().location
@description('The primary region for the Azure Cosmos DB account.')
param primaryRegion string
@description('The secondary region for the Azure Cosmos DB account.')
param secondaryRegion string
@allowed([
'Eventual'
'ConsistentPrefix'
'Session'
'BoundedStaleness'
'Strong'
])
@description('The default consistency level of the Cosmos DB account.')
param defaultConsistencyLevel string = 'Session'
@minValue(10)
@maxValue(2147483647)
@description('Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 2147483647. Multi Region: 100000 to 2147483647.')
param maxStalenessPrefix int = 100000
@minValue(5)
@maxValue(86400)
@description('Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400.')
param maxIntervalInSeconds int = 300
@allowed([
true
false
])
@description('Enable system managed failover for regions')
param systemManagedFailover bool = true
@description('The name for the database')
param databaseName string = 'myDatabase'
@description('The name for the container')
param containerName string = 'myContainer'
@minValue(400)
@maxValue(1000000)
@description('The throughput for the container')
param throughput int = 400
var consistencyPolicy = {
Eventual: {
defaultConsistencyLevel: 'Eventual'
}
ConsistentPrefix: {
defaultConsistencyLevel: 'ConsistentPrefix'
}
Session: {
defaultConsistencyLevel: 'Session'
}
BoundedStaleness: {
defaultConsistencyLevel: 'BoundedStaleness'
maxStalenessPrefix: maxStalenessPrefix
maxIntervalInSeconds: maxIntervalInSeconds
}
Strong: {
defaultConsistencyLevel: 'Strong'
}
}
var locations = [
{
locationName: primaryRegion
failoverPriority: 0
isZoneRedundant: false
}
{
locationName: secondaryRegion
failoverPriority: 1
isZoneRedundant: false
}
]
resource account 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' = {
name: toLower(accountName)
location: location
kind: 'GlobalDocumentDB'
properties: {
consistencyPolicy: consistencyPolicy[defaultConsistencyLevel]
locations: locations
databaseAccountOfferType: 'Standard'
enableAutomaticFailover: systemManagedFailover
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
name: '${account.name}/${databaseName}'
properties: {
resource: {
id: databaseName
}
}
}
resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2022-05-15' = {
name: '${database.name}/${containerName}'
properties: {
resource: {
id: containerName
partitionKey: {
paths: [
'/myPartitionKey'
]
kind: 'Hash'
}
indexingPolicy: {
indexingMode: 'consistent'
includedPaths: [
{
path: '/*'
}
]
excludedPaths: [
{
path: '/myPathToNotIndex/*'
}
{
path: '/_etag/?'
}
]
compositeIndexes: [
[
{
path: '/name'
order: 'ascending'
}
{
path: '/age'
order: 'descending'
}
]
]
spatialIndexes: [
{
path: '/location/*'
types: [
'Point'
'Polygon'
'MultiPolygon'
'LineString'
]
}
]
}
defaultTtl: 86400
uniqueKeyPolicy: {
uniqueKeys: [
{
paths: [
'/phoneNumber'
]
}
]
}
}
options: {
throughput: throughput
}
}
}
Azure Cosmos DB container with server-side functionality
Create an Azure Cosmos DB account, database and container with a stored procedure, trigger, and user-defined function.
@description('Cosmos DB account name')
param accountName string = 'sql-${uniqueString(resourceGroup().id)}'
@description('Location for the Cosmos DB account.')
param location string = resourceGroup().location
@description('The primary region for the Cosmos DB account.')
param primaryRegion string
@description('The default consistency level of the Cosmos DB account.')
@allowed([
'Eventual'
'ConsistentPrefix'
'Session'
'BoundedStaleness'
'Strong'
])
param defaultConsistencyLevel string = 'Session'
@description('Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 2147483647. Multi Region: 100000 to 2147483647.')
@minValue(10)
@maxValue(2147483647)
param maxStalenessPrefix int = 100000
@description('Max lag time (seconds). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400.')
@minValue(5)
@maxValue(86400)
param maxIntervalInSeconds int = 300
@description('Enable system managed failover for regions')
param systemManagedFailover bool = true
@description('The name for the database')
param databaseName string = 'database1'
@description('The name for the container')
param containerName string = 'container1'
@description('The throughput for the container')
@minValue(400)
@maxValue(1000000)
param throughput int = 400
var consistencyPolicy = {
Eventual: {
defaultConsistencyLevel: 'Eventual'
}
ConsistentPrefix: {
defaultConsistencyLevel: 'ConsistentPrefix'
}
Session: {
defaultConsistencyLevel: 'Session'
}
BoundedStaleness: {
defaultConsistencyLevel: 'BoundedStaleness'
maxStalenessPrefix: maxStalenessPrefix
maxIntervalInSeconds: maxIntervalInSeconds
}
Strong: {
defaultConsistencyLevel: 'Strong'
}
}
var locations = [
{
locationName: primaryRegion
failoverPriority: 0
isZoneRedundant: false
}
]
resource account 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' = {
name: toLower(accountName)
location: location
kind: 'GlobalDocumentDB'
properties: {
consistencyPolicy: consistencyPolicy[defaultConsistencyLevel]
locations: locations
databaseAccountOfferType: 'Standard'
enableAutomaticFailover: systemManagedFailover
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
parent: account
name: databaseName
properties: {
resource: {
id: databaseName
}
}
}
resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2022-05-15' = {
parent: database
name: containerName
properties: {
resource: {
id: containerName
partitionKey: {
paths: [
'/myPartitionKey'
]
kind: 'Hash'
}
indexingPolicy: {
indexingMode: 'consistent'
includedPaths: [
{
path: '/*'
}
]
excludedPaths: [
{
path: '/_etag/?'
}
]
}
}
options: {
throughput: throughput
}
}
}
resource storedProcedure 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures@2022-05-15' = {
parent: container
name: 'myStoredProcedure'
properties: {
resource: {
id: 'myStoredProcedure'
body: 'function () { var context = getContext(); var response = context.getResponse(); response.setBody(\'Hello, World\'); }'
}
}
}
resource trigger 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers@2022-05-15' = {
parent: container
name: 'myPreTrigger'
properties: {
resource: {
id: 'myPreTrigger'
triggerType: 'Pre'
triggerOperation: 'Create'
body: 'function validateToDoItemTimestamp(){var context=getContext();var request=context.getRequest();var itemToCreate=request.getBody();if(!(\'timestamp\'in itemToCreate)){var ts=new Date();itemToCreate[\'timestamp\']=ts.getTime();}request.setBody(itemToCreate);}'
}
}
}
resource userDefinedFunction 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions@2022-05-15' = {
parent: container
name: 'myUserDefinedFunction'
properties: {
resource: {
id: 'myUserDefinedFunction'
body: 'function tax(income){if(income==undefined)throw\'no input\';if(income<1000)return income*0.1;else if(income<10000)return income*0.2;else return income*0.4;}'
}
}
}
Azure Cosmos DB account with Microsoft Entra ID and RBAC
Create an Azure Cosmos DB account, a natively maintained Role Definition, and a natively maintained Role Assignment for a Microsoft Entra identity.
@description('Location for all resources.')
param location string = resourceGroup().location
@description('Cosmos DB account name, max length 44 characters')
param accountName string = toLower('sql-rbac-${uniqueString(resourceGroup().id)}')
@description('Friendly name for the SQL Role Definition')
param roleDefinitionName string = 'My Read Write Role'
@description('Data actions permitted by the Role Definition')
param dataActions array = [
'Microsoft.DocumentDB/databaseAccounts/readMetadata'
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
]
@description('Object ID of the AAD identity. Must be a GUID.')
param principalId string
var locations = [
{
locationName: location
failoverPriority: 0
isZoneRedundant: false
}
]
var roleDefinitionId = guid('sql-role-definition-', principalId, databaseAccount.id)
var roleAssignmentId = guid(roleDefinitionId, principalId, databaseAccount.id)
resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-04-15' = {
name: accountName
kind: 'GlobalDocumentDB'
location: location
properties: {
consistencyPolicy: {
defaultConsistencyLevel: 'Session'
}
locations: locations
databaseAccountOfferType: 'Standard'
enableAutomaticFailover: false
enableMultipleWriteLocations: false
}
}
resource sqlRoleDefinition 'Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions@2021-04-15' = {
name: '${databaseAccount.name}/${roleDefinitionId}'
properties: {
roleName: roleDefinitionName
type: 'CustomRole'
assignableScopes: [
databaseAccount.id
]
permissions: [
{
dataActions: dataActions
}
]
}
}
resource sqlRoleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2021-04-15' = {
name: '${databaseAccount.name}/${roleAssignmentId}'
properties: {
roleDefinitionId: sqlRoleDefinition.id
principalId: principalId
scope: databaseAccount.id
}
}
Free tier Azure Cosmos DB account
Create a free-tier Azure Cosmos DB account and a database with shared throughput that can be shared with up to 25 containers.
@description('Cosmos DB account name')
param accountName string = 'cosmos-${uniqueString(resourceGroup().id)}'
@description('Location for the Cosmos DB account.')
param location string = resourceGroup().location
@description('The name for the SQL API database')
param databaseName string
@description('The name for the SQL API container')
param containerName string
resource account 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' = {
name: toLower(accountName)
location: location
properties: {
enableFreeTier: true
databaseAccountOfferType: 'Standard'
consistencyPolicy: {
defaultConsistencyLevel: 'Session'
}
locations: [
{
locationName: location
}
]
}
}
resource database 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases@2022-05-15' = {
parent: account
name: databaseName
properties: {
resource: {
id: databaseName
}
options: {
throughput: 1000
}
}
}
resource container 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers@2022-05-15' = {
parent: database
name: containerName
properties: {
resource: {
id: containerName
partitionKey: {
paths: [
'/myPartitionKey'
]
kind: 'Hash'
}
indexingPolicy: {
indexingMode: 'consistent'
includedPaths: [
{
path: '/*'
}
]
excludedPaths: [
{
path: '/_etag/?'
}
]
}
}
}
}
Next steps
Here are some additional resources: