You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-cosmos-db.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ ms.devlang: na
12
12
ms.topic: tutorial
13
13
ms.tgt_pltfrm: na
14
14
ms.workload: identity
15
-
ms.date: 04/10/2018
15
+
ms.date: 01/10/2020
16
16
ms.author: markvi
17
17
ms.collection: M365-identity-device-management
18
18
---
@@ -46,27 +46,27 @@ If you don't already have one, create a Cosmos DB account. You can skip this ste
46
46
5. Ensure the **Subscription** and **Resource Group** match the ones you specified when you created your VM in the previous step. Select a **Location** where Cosmos DB is available.
47
47
6. Click **Create**.
48
48
49
-
## Create a collection in the Cosmos DB account
49
+
## Create a collection
50
50
51
51
Next, add a data collection in the Cosmos DB account that you can query in later steps.
52
52
53
53
1. Navigate to your newly created Cosmos DB account.
54
54
2. On the **Overview** tab click the **+/Add Collection** button, and an "Add Collection" panel slides out.
55
55
3. Give the collection a database ID, collection ID, select a storage capacity, enter a partition key, enter a throughput value, then click **OK**. For this tutorial, it is sufficient to use "Test" as the database ID and collection ID, select a fixed storage capacity and lowest throughput (400 RU/s).
56
56
57
-
## Grant Windows VM system-assigned managed identity access to the Cosmos DB account access keys
57
+
## Grant access
58
58
59
-
Cosmos DB does not natively support Azure AD authentication. However, you can use a system-assigned managed identity to retrieve a Cosmos DB access key from the Resource Manager, and use the key to access Cosmos DB. In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Cosmos DB account.
59
+
This section shows how to grant Windows VM system-assigned managed identity access to the Cosmos DB account access keys. Cosmos DB does not natively support Azure AD authentication. However, you can use a system-assigned managed identity to retrieve a Cosmos DB access key from the Resource Manager, and use the key to access Cosmos DB. In this step, you grant your Windows VM system-assigned managed identity access to the keys to the Cosmos DB account.
60
60
61
61
To grant the Windows VM system-assigned managed identity access to the Cosmos DB account in Azure Resource Manager using PowerShell, update the values for `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` for your environment. Cosmos DB supports two levels of granularity when using access keys: read/write access to the account, and read-only access to the account. Assign the `DocumentDB Account Contributor` role if you want to get read/write keys for the account, or assign the `Cosmos DB Account Reader Role` role if you want to get read-only keys for the account. For this tutorial, assign the `Cosmos DB Account Reader Role`:
New-AzRoleAssignment -ObjectId $spID -RoleDefinitionName "Cosmos DB Account Reader Role" -Scope "/subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>/providers/Microsoft.DocumentDb/databaseAccounts/<COSMOS DB ACCOUNT NAME>"
66
66
```
67
-
## Get an access token using the Windows VM system-assigned managed identity to call Azure Resource Manager
67
+
## Get an access token
68
68
69
-
For the remainder of the tutorial, we will work from the VM we created earlier.
69
+
This section shows how to get an access token using the Windows VM system-assigned managed identity to call Azure Resource Manager. For the remainder of the tutorial, we will work from the VM we created earlier.
70
70
71
71
You will need to install the latest version of [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli) on your Windows VM.
72
72
@@ -93,9 +93,9 @@ You will need to install the latest version of [Azure CLI](https://docs.microsof
93
93
$ArmToken = $content.access_token
94
94
```
95
95
96
-
## Get access keys from Azure Resource Manager to make Cosmos DB calls
96
+
## Get access keys
97
97
98
-
Now use PowerShell to call Resource Manager using the access token retrieved in the previous section to retrieve the Cosmos DB account access key. Once we have the access key, we can query Cosmos DB. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` parameter values with your own values. Replace the `<ACCESS TOKEN>` value with the access token you retrieved earlier. If you want to retrieve read/write keys, use key operation type `listKeys`. If you want to retrieve read-only keys, use the key operation type `readonlykeys`:
98
+
This section shows how to get access keys from Azure Resource Manager to make Cosmos DB calls. Now use PowerShell to call Resource Manager using the access token retrieved in the previous section to retrieve the Cosmos DB account access key. Once we have the access key, we can query Cosmos DB. Be sure to replace the `<SUBSCRIPTION ID>`, `<RESOURCE GROUP>`, and `<COSMOS DB ACCOUNT NAME>` parameter values with your own values. Replace the `<ACCESS TOKEN>` value with the access token you retrieved earlier. If you want to retrieve read/write keys, use key operation type `listKeys`. If you want to retrieve read-only keys, use the key operation type `readonlykeys`:
99
99
100
100
```powershell
101
101
Invoke-WebRequest -Uri 'https://management.azure.com/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.DocumentDb/databaseAccounts/<COSMOS DB ACCOUNT NAME>/listKeys/?api-version=2016-03-31' -Method POST -Headers @{Authorization="Bearer $ARMToken"}
0 commit comments