Azure Cosmos DB for MongoDB Setup Guide
Follow these instructions to connect your Azure Cosmos DB for MongoDB database to your destination using Fivetran.
NOTE: We only support Request Unit (RU)-based Azure Cosmos DB for MongoDB accounts with version 3.6 and above.
Setup instructions
Choose connection method
Decide whether to connect Fivetran to your Azure Cosmos DB for MongoDB database directly or using a private link.
Connect directly (TLS enabled)
Fivetran connects directly to your Azure Cosmos DB for MongoDB database. This is the simplest method. To connect directly, configure your firewall and/or other access control systems to allow incoming connections to your database from Fivetran's IPs for your cluster region. For more information, see Azure Cosmos DB's Security documentation.
Log in to the Microsoft Azure portal.
Navigate to the Azure Cosmos DB for MongoDB database you want to replicate.
On the left navigation menu, select Networking.
Choose the Selected networks option and safelist Fivetran's IP addresses in your firewall. For more information, follow Microsoft's instructions on how to configure the IP policy.
Connect using Azure Private Link
IMPORTANT: You must have a Business Critical plan to use Azure Private Link.
Azure Private Link allows Virtual Networks (VNets) and Azure-hosted or on-premises services to communicate with one another without exposing traffic to the public internet. For more information, see Microsoft's Azure Private Link documentation.
See our Azure Private Link setup guide to configure Private Link for your Azure Cosmos DB for MongoDB deployment.
Find host identifiers
In the Microsoft Azure Portal, navigate to the Azure Cosmos DB for MongoDB database you want to replicate.
On the left navigation menu, select Connection strings.
Go to the Read-only Keys tab and copy the PRIMARY CONNECTION STRING.
NOTE:
Optionally, you can specify the read preference in the connection string based on your priority, for example,
mongodb://<host-name>:<port>/?readPreference=secondary.
Read Preference Priority secondaryPreferred(default)Optimal performance primaryPreferredorsecondaryPreferredHigh availability nearestOptimal performance for geographically distributed data If you use the
primary/primaryPreferredread preference, it may affect the operational performance of your database.
Allow database access
In the Microsoft Azure Portal, on the top right panel, click Cloud Shell to open the Azure Command-Line Interface (CLI).
TIP: Alternatively, you can download the Azure CLI from the How to install the Azure CLI page.
Enable the Role-Based Access Control (RBAC) capability on your existing API for the Azure Cosmos DB for MongoDB account by running the following command:
az cosmosdb create -n <account_name> -g <azure_resource_group> --kind MongoDB --capabilities EnableMongoRoleBasedAccessControlTIP: Alternatively, RBAC can also be enabled through the features tab in the Azure portal.
Create a role definition for the new Fivetran user you want to create by running the following command:
az cosmosdb mongodb user definition create --account-name <account-name> --resource-group <resource-group-name> --body '{ "Id": "<authentication-database-name>.<fivetran-user>", "UserName": "<fivetran-user>", "Password": "<password>", "DatabaseName": "<authentication-database-name>", "CustomData": "Some_Random_Info", "Mechanisms": "SCRAM-SHA-256", "Roles": [{ "Role": "read", "Db": "<authentication-database-name>" }] }'
Additionally, you must grant read permissions to the Fivetran user for each database you want to sync. Do the following:
Open the Azure Command-Line Interface (CLI).
Run the following command for each database that you want to sync:
az cosmosdb mongodb user definition create --account-name <account-name> --resource-group <resource-group-name> --body '{
"Id": "<your-database-name>.<fivetran-user>",
"UserName": "<fivetran-user>",
"Password": "<password>",
"DatabaseName": "<your-database-name>",
"CustomData": "Some_Random_Info",
"Mechanisms": "SCRAM-SHA-256",
"Roles": [{
"Role": "read",
"Db": "<your-database-name>"
}]
}'
NOTE: Provide the same username and password you used for the Fivetran user.
For more information, see Azure Cosmos DB for MongoDB's Configuring RBAC documentation.
Finish Fivetran configuration
In your connector setup form, enter a Destination schema prefix. This prefix applies to each replicated schema and cannot be changed once your connector is created.
In the Host and ports field, enter the host identifiers you found in Step 2.
Enter the Fivetran-specific User and its Password that you created in Step 3.
Enter the source database name to be used for authentication. The user must have access to read from this database.
Choose your Connection Method.
Select your Pack mode.
Click Save & Test. Fivetran tests and validates our connection to your Azure Cosmos DB for MongoDB deployment. Upon successful completion of the setup tests, you can sync your data using Fivetran.
Setup tests
Fivetran performs the following tests to ensure that we can connect to your Azure Cosmos DB for MongoDB deployment and that it is properly configured:
- The Validate Host Test validates the database credentials you provided in the setup form. It then verifies that the database host is not private and checks that we can connect to the host.
- The Validating Certificate Test generates a pop-up window where you must choose which certificate you want Fivetran to use. Select the root certificate to trust all the configured hosts. It then validates that certificate and checks that we can connect to your database using TLS.
- The Connecting to Host Test connects to your database instance and checks if we can access the schemas in your database.
- The Database Access Test verifies if we have the permissions to query at least one collection.
- The Change Stream Access Test checks if we can access the collection level change streams.
NOTE: The tests may take a few minutes to finish running.
Related articles
description Connector Overview
account_tree Schema Information
assignment API Connector Configuration