Lau

Reputation: 1466

Connect CosmosDB via Subnets and define respective connection string

I'm fairly new to Azure. I want to build a simple and low-cost MongoDB with Azure Cosmos DB. There I created a VNET with two subnets. Furthermore, I created a public IP address, which should be my endpoint to feed the DB. The first subnet should act as a firewall (I do not want to use the Azure Firewall, because it costs at least 720 € per month) with a specific NSG, and in the second, the Cosmos DB is connected via a service endpoint.

Here is an image of my architecture: [image]

The Subnet on the left hand side contains firewall-like rules to improve security.

Here is my question: How can I connect / route from the public endpoint to the CosmosDB via the subnets? Therefore, I do not want to use VNA / VMs, because with them comes a lot of additional work to secure them. And when the connection is established, do I have to change the connection string created by the CosmosDB?

Upvotes: 3

Views: 565

Answers (1)

Joel Oughton

Reputation: 486

You will need a mechanism for forwarding traffic from the public IP address to the Cosmos DB account. Azure Application Gateway supports that and costs less than €20.00 per month depending on traffic.

Application Gateway could be set up like this:

  • Add a public IP address for the front end.
  • Add the Cosmos DB account FQDN as the back end.
  • Create a routing rule to direct HTTPS traffic from the public IP to the Cosmos DB backend.

This modified version of your architecture would be:

[image: Cosmos DB service endpoint with Application Gateway]

Upvotes: 2
