Create an Azure Cosmos DB account with IP Firewall

APPLIES TO: NoSQL MongoDB Cassandra Gremlin Table

Note

We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

This sample requires Azure PowerShell Az 5.4.0 or later. Run Get-Module -ListAvailable Az to see which versions are installed. If you need to install, see Install Azure PowerShell module.

Run Connect-AzAccount -Environment AzureChinaCloud to sign in to Azure.

Sample script

Note

This sample demonstrates using a API for NoSQL account. To use this sample for other APIs, copy the related properties and apply to your API specific script

# Reference: Az.CosmosDB | https://learn.microsoft.com/powershell/module/az.cosmosdb
# --------------------------------------------------
# Purpose
# Create Cosmos DB SQL API account with firewall
# --------------------------------------------------
Function New-RandomString{Param ([Int]$Length = 10) return $(-join ((97..122) + (48..57) | Get-Random -Count $Length | ForEach-Object {[char]$_}))}
# --------------------------------------------------
$uniqueId = New-RandomString -Length 7 # Random alphanumeric string for unique resource names
$apiKind = "Sql"
# --------------------------------------------------
# Variables - ***** SUBSTITUTE YOUR VALUES *****
$locations = @("China East", "China North") # Regions ordered by failover priority
$resourceGroupName = "myResourceGroup" # Resource Group must already exist
$accountName = "cosmos-$uniqueId" # Must be all lower case
$consistencyLevel = "Session"
$ipFilter = @("10.0.0.0/8", "11.0.1.0/24")
$allowAzureAccess = $true # Allow access to Azure networks and portal
# --------------------------------------------------

if ($true -eq $allowAzureAccess) {
    $ipFilter += "0.0.0.0"
}

Write-Host "Creating account $accountName"
$account = New-AzCosmosDBAccount -ResourceGroupName $resourceGroupName `
    -Location $locations -Name $accountName -ApiKind $apiKind `
    -DefaultConsistencyLevel $consistencyLevel -IpRangeFilter $ipFilter `
    -EnableAutomaticFailover:$true

Clean up deployment

After the script sample has been run, the following command can be used to remove the resource group and all resources associated with it.

Remove-AzResourceGroup -ResourceGroupName "myResourceGroup"

Script explanation

This script uses the following commands. Each command in the table links to command specific documentation.

Command Notes
Azure Cosmos DB
New-AzCosmosDBAccount Creates a new Azure Cosmos DB Account.
Azure Resource Groups
Remove-AzResourceGroup Deletes a resource group including all nested resources.

Next steps

For more information on the Azure PowerShell, see Azure PowerShell documentation.