'Request originated from VNET through service endpoint. This is blocked by your Cosmos DB account firewall settings

I am working on a closing all of my resources in a private network in Azure, for the time being I have select 3 resources. 1. Function App 2. Azure Cosmos DB 3. Azure Storage Account

I have created an function app with following network settings

enter image description here

I have selected inbound access as open for now. And in outbound access, I have enabled VNET integration with a subnet named app-subnet.

I have created a cosmos DB account for MongoDB API with private end point enabled in same VNET but in different subnet named az-subnet.

Same process I have done for storage account.(using az-subnet)

Now I am able to access storage account from function app, but not cosmos DB.

Error on saving document is

Request originated from VNET through service endpoint. This is blocked by your Cosmos DB account firewall settings

Please help, like exactly what I am missing here.

azure-functionsazure-cosmosdbazure-virtual-network


Solution 1:[1]

You need to Configure the service endpoint for the Azure virtual network and subnet. You can do it in Cosmos DB settings' Firewall and virtual networks option.

Follow below steps:

  1. Select Firewalls and virtual networks from the settings menu, and choose to allow access from Selected networks.

  2. To grant access to an existing virtual network's subnet, under Virtual networks, select Add existing Azure virtual network.

  3. Select the Subscription from which you want to add an Azure virtual network. Select the Azure Virtual networks and Subnets that you want to provide access to your Azure Cosmos DB account. Next, select Enable to enable selected networks with service endpoints for "Microsoft.AzureCosmosDB". When it's complete, select Add. Refer below image.

enter image description here

  1. After the Azure Cosmos DB account is enabled for access from a virtual network, it will allow traffic from only this chosen subnet. The virtual network and subnet that you added should appear as shown in the following screenshot:

enter image description here

Note: Configuring a VNET service endpoint may take up to 15 minutes to propagate and the endpoint may exhibit an inconsistent behavior during this period.

Source: Configure access to Azure Cosmos DB from virtual networks (VNet)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 UtkarshPal-MT

Related Questions

Need a direct way of implementing Azure spring data cosmos db query implementation for a nested parameter

How to prevent data factory from running out Cosmos DB RU/s

How to order results of a query by the results of an aggregate function in ComosDb?

Check if parameter is null in CosmosDB query

Get all the Partition Keys in Azure Cosmos DB collection

How atom-record-sequence (ARS) helps CosmosDB to be Multimodel?

Azure cosmosdb reservation

CosmosDB emulator can't start since port is already in use

Azure Cosmos DB - Understanding Partition Key

Azure Stream Analytics CreateOrReplace Transformation Conflict or Bad Request

Provision throughput on Database level using Table API in cosmos db

Entity Framework Core 5 and CosmosDB SQL API - Include extension method does not work

React executing code before the previous function call has finished

azure-cosmos-emulator hangs when I try to create a database

Is it possible to create a new Gremlin Graph DB and Graph using c# code