Use Azure portal to add Azure Cosmos DB service principal
For successful deployment into an existing virtual network, Azure Managed Instance for Apache Cassandra requires the Azure Cosmos DB service principal with a role (such as Network Contributor) that allows the action Microsoft.Network/virtualNetworks/subnets/join/action. In some circumstances, it may be required to add these permissions manually. This article shows how to do this using Azure portal.
Add Azure Cosmos DB service principal
Sign in to the Azure portal.
Navigate to the target virtual network in your subscription, select the access control tab, and click on
add role assignment:
Search for the
Network Contributorrole, highlight it, then select thememberstab:
Note
You do not need to have a role with permissions as expansive as Network Contributor, this is used as an example for simplicity. You can also create a customer role with narrower permissions, as long as it allows the action
Microsoft.Network/virtualNetworks/subnets/join/actionEnsure that
User, group, or service principalis selected forAssign access to, and then clickSelect membersto search for theAzure Cosmos DBservice principal. Select it in the right hand side window:
Click on the
Review + assigntab at the top, then click theReview + assignbutton at the bottom. The Azure Cosmos DB service principal should now be assigned.
Next steps
In this article, you learned how to assign the Azure Cosmos DB service principal with an appropriate role to a virtual network, to allow managed Cassandra deployments. Learn more about Azure Managed Instance for Apache Cassandra with the following articles:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for