How to configure a VNET to protect Cosmos DB but allow access from a public Azure App Service Web App using Bicep
My Bicep script creates a Cosmos DB and an Azure App Service web app that accesses the Cosmos DB.
The web app must be available to the public internet, but the Cosmos DB should only be available to the specified IPs of a few developers and the web app.
Can someone point me to a tutorial on how to enhance my Bicep script to protect my Cosmos DB with a VNET?
Thanks
Siegfried
2022 Apr 26 Update:
I think I found the solution here: Stack Overflow, and I tried (and failed) to implement it here: deploy.bicep
Line 313 looked like this:
```bicep
virtualNetworkSubnetId: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().id}/providers/Microsoft.Network/virtualNetworks/${virtualNetworkName_resource.name}/subnets/${virtualNetworkName_resource.properties.subnets[0].name}'
```
I got this error:
```
ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{
\"Code\": \"BadRequest\",
\"Message\": \"The parameter SubnetResourceUri has an invalid value.\",
\"Target\": null,
\"Details\": [
{
\"Message\": \"The parameter SubnetResourceUri has an invalid value.\"
},
{
\"Code\": \"BadRequest\"
},
{
\"ErrorEntity\": {
\"ExtendedCode\": \"51008\",
\"MessageTemplate\": \"The parameter {0} has an invalid value.\",
\"Parameters\": [
\"SubnetResourceUri\"
],
\"Code\": \"BadRequest\",
\"Message\": \"The parameter SubnetResourceUri has an invalid value.\"
}
}
],
\"Innererror\": null
```
I have since changed the last part to .../subnets/${subnetname} (as in the link) but that did not help (similar error message).
**2022 May 5 Thu Update:**
I have created an Azure support incident to further pursue this problem.
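
Added example, not part of the original post or the linked deploy.bicep: one way to express the layout the question asks for, with a public web app and a Cosmos DB account that accepts traffic only from the web app's integration subnet and a list of developer IPs. Resource names, address ranges, the S1 SKU, the API versions and the sample IP are assumptions. `resourceGroup().id` is already a full `/subscriptions/.../resourceGroups/<name>` path, so the example builds the subnet ID with `resourceId()` rather than by string concatenation.

```bicep
// Added example: names, address ranges, SKU and API versions are assumptions.
param location string = resourceGroup().location
param webAppName string
param cosmosName string
param developerIps array = [ '203.0.113.10' ] // constructed sample address
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  name: 'app-vnet'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      {
        name: 'webapp'
        properties: {
          addressPrefix: '10.0.0.0/24'
          serviceEndpoints: [ { service: 'Microsoft.AzureCosmosDB' } ] // lets Cosmos DB recognise this subnet
          delegations: [ { name: 'web', properties: { serviceName: 'Microsoft.Web/serverFarms' } } ]
        }
      }
    ]
  }
}
// resourceId() emits /subscriptions/<sub>/resourceGroups/<rg-name>/providers/Microsoft.Network/...
var subnetId = resourceId('Microsoft.Network/virtualNetworks/subnets', vnet.name, 'webapp')
resource plan 'Microsoft.Web/serverfarms@2021-03-01' = {
  name: '${webAppName}-plan'
  location: location
  sku: { name: 'S1' }
}
resource site 'Microsoft.Web/sites@2021-03-01' = {
  name: webAppName
  location: location
  properties: {
    serverFarmId: plan.id
    virtualNetworkSubnetId: subnetId // outbound integration only; inbound access stays public
  }
}

resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2021-10-15' = {
  name: cosmosName
  location: location
  properties: {
    databaseAccountOfferType: 'Standard'
    locations: [ { locationName: location, failoverPriority: 0 } ]
    isVirtualNetworkFilterEnabled: true
    virtualNetworkRules: [ { id: subnetId } ] // the web app's subnet
    ipRules: [for ip in developerIps: { ipAddressOrRange: ip }] // developer addresses
  }
}
```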