0

I created a Private Link connection between an Azure VM and a CosmosDB MongoDB Account.

In order to clear out the need for token authentication and taking into account the best practices, I assigned a custom role to the Virtual Machine which has permissions to read and write to CosmosDB.

Now I am trying to connect the VM to CosmosDB using Python (pymongo) without any type of authentication in the URI string. Nevertheless, I am having auth errors and I cannot seem to find any relevant example or information regarding this matter.

Is there any way to achieve this? If not, what are my alternatives? Must I use tokens even with a private link?

João
  • Private link/endpoint is to ensure that traffic doesn't flow over the internet but over your network (VNet defined by you), and this is a best practice to secure access to your CosmosDB. The custom role is for authorization. But you still need to authenticate. And for this, tokens are required. – Anupam Chand Sep 15 '21 at 02:37
  • Thank you. In AWS, roles give resources authorization for other resources. Hence my question: there could be something similar in Azure. – João Sep 15 '21 at 09:31
  • Apologies, I think I misunderstood the question. You can avoid tokens by creating a service principal for your VM and then assigning the appropriate RBAC to the service principal. The .NET, JavaScript and Java Cosmos SDKs have this capability. The Python SDK does not. You can refer to this: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#initialize-the-sdk-with-azure-ad – Anupam Chand Sep 15 '21 at 10:15
  • Thank you for this update. I will have to go with tokens since I am using Python to connect with Cosmos. – João Sep 16 '21 at 14:15

1 Answer

0

@Anupam Chand Thank you for your response in the comment section.

Yes, we can avoid tokens by creating a service principal for your VM and then assigning the appropriate RBAC to the service principal. At present, the .NET, Java and JavaScript SDKs are supported. The Python SDK is not yet available.

JayakrishnaGunnam-MT