Search code examples
azureazure-cosmosdb

Access Cosmos DB using VNet from another tenant

We have a Cosmos DB with restricted firewall access to specific VNets. We are looking for a way to enable access to the DB for a VNet that is not in the same tenant (i.e. cross-tenant). However, when attempting to add an existing virtual network to the whitelist, it is only providing a possibility to choose a VNet from the current tenant. CosmosDbNetworkingSettingView

Is there a way to whitelist a VNet from another tenant?

Solution

  • It's not clear if you own the other tenant or not, but as @Chris Schaller said in the comments, you need to setup a VPN in order to connect a VNET to another VNET from different tenants.

    https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal