We are looking to secure our Cosmos DB accounts by restricting access to selected subnets in our virtual network as described in the documentation.
In testing, it works as described. I must connect to the VPN Gateway to gain access to the Virtual Network, log on to a VM within the allowed subnet, then I can access the Cosmos data.
My question: Is it possible to skip the "middle man" here and just connect to Cosmos by connecting to the VPN Gateway? While I am connected to the gateway, my requests to Cosmos are still routed through the public internet and are blocked. I have given the gateway subnet access to the Cosmos account, but it still fails. I'm just trying to make sure there isn't something I could configure that would easily allow this access. If we have to connect to a VM within the virtual network for access, and that is how it was designed, then so be it.