How to configure VNET to protect cosmos DB but allow access from public Azure App Service Web App using bicep

Siegfried Heintze 1,861 Reputation points
2022-04-15T04:10:10.127+00:00

My bicep script creates a cosmos db and azure app service web app that accesses the cosmos db.

The web app must be available to the public internet but the cosmos db should only be available to the specified IPs of a few developers and the web app.

Can someone point me to a tutorial on how enhance my bicep script to protect my cosmos db with a VNET?

Thanks

Siegfried

2022 Apr 26 Update:

I think I found the solution here: stack overflow and I tried (and failed) to implement it here: deploy.bicep

Line 313 looked like this:

     virtualNetworkSubnetId: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().id}/providers/Microsoft.Network/virtualNetworks/${virtualNetworkName_resource.name}/subnets/${virtualNetworkName_resource.properties.subnets[0].name}'

I got this error:

ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{
\"Code\": \"BadRequest\",
\"Message\": \"The parameter SubnetResourceUri has an invalid value.\",
\"Target\": null,
\"Details\": [
{
\"Message\": \"The parameter SubnetResourceUri has an invalid value.\"
},
{
\"Code\": \"BadRequest\"
},
{
\"ErrorEntity\": {
\"ExtendedCode\": \"51008\",
\"MessageTemplate\": \"The parameter {0} has an invalid value.\",
\"Parameters\": [
\"SubnetResourceUri\"
],
\"Code\": \"BadRequest\",
\"Message\": \"The parameter SubnetResourceUri has an invalid value.\"
}
}
],
\"Innererror\": null

I have since changed the last part to .../subnets/${subnetname} (as in the link) but that did not help (similar error message).

** 2022 May 5 Thu Update:**

I have created azure support incident to further pursue this problem.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,230 questions
Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,500 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,171 questions
{count} votes