Disabling Datacenter Network Access to Cosmos DB Using Powershell / Azure CLI

Question

I went through the documentation to find a way to disable the option "Accept connections from within public Azure datacenters" on the "Firewall and Virtual networks" settings page using Powershell, or Azure CLI, but I couldn't find any. Was anyone able to do that?

Answer 1

When this option of "Accept connections from within public Azure datacenters" is checked, an entry with value 0.0.0.0 is made into the allowed IP Rannges. This 0.0.0.0 IP address basically tells Cosmos DB to accept connections from public Azure datacenters. To block this access, you would simply need to remove 0.0.0.0 ip address from ipRangeFilter.

To get the properties, you will use az cosmos show

az cosmos show --name <cosmosdb-account-name> --resource-group <resource-group-name>`

To update the ip range, you will use az cosmos update

az cosmosdb update  --name <cosmosdb-account-name> --resource-group <resource-group-name> --ip-range-filter "104.42.195.92,40.76.54.131,52.176.6.30,52.169.50.45,52.187.184.26"

The above command will block access to the cosmos db from public Azure data centers but allow access from Azure Portal.

Equivalent commands in Azure PowerShell are Get-AzCosmosDBAccount and Update-AzCosmosDBAccount.

You can read more about it here: https://learn.microsoft.com/en-gb/azure/cosmos-db/how-to-configure-firewall.