Ensure to filter source IPs for Cosmos DB Account

When you access your Azure Cosmos DB account from a computer on the internet, the client IP address or IP address range of the machine must be added to the allowed list of IP addresses for your account.

Risk Level: Medium
Cloud Entity: Azure Cosmos DB
CloudGuard Rule ID: D9.AZU.NET.23
Covered by Spectral: Yes
Category: Database

GSL LOGIC

CosmosDbAccount should have ipRangeFilter
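The same check can be run outside CloudGuard against exported account JSON. The following is an added example, not CloudGuard's or Microsoft's code: it assumes accounts shaped like `az cosmosdb list -o json` output, reading `ipRules[].ipAddressOrRange` (current API) or the comma-separated `ipRangeFilter` string (older API). It also goes slightly beyond the rule by flagging filters that are present but effectively open. The sample accounts are constructed.

```python
import ipaddress

# Constructed sample shaped like `az cosmosdb list` output; names and IPs are made up.
SAMPLE_ACCOUNTS = [
    {"name": "orders-db", "ipRules": []},
    {"name": "billing-db", "ipRules": [{"ipAddressOrRange": "203.0.113.10"},
                                       {"ipAddressOrRange": "198.51.100.0/24"}]},
    {"name": "legacy-db", "ipRangeFilter": "0.0.0.0,203.0.113.7"},
    {"name": "test-db", "ipRules": [{"ipAddressOrRange": "0.0.0.0/0"}]},
]

def allowed_ranges(account):
    """Collect entries from ipRules (current API) or ipRangeFilter (older API)."""
    entries = [r.get("ipAddressOrRange", "") for r in account.get("ipRules") or []]
    entries += (account.get("ipRangeFilter") or "").split(",")
    return [e.strip() for e in entries if e and e.strip()]

def audit_account(account):
    """Return a list of findings; an empty list means the account passes."""
    ranges = allowed_ranges(account)
    if not ranges:
        # This is the condition the GSL rule tests for.
        return ["no IP filter: reachable from any source IP"]
    findings = []
    for entry in ranges:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable entry {entry!r}")
            continue
        if entry == "0.0.0.0":
            # Added check: this entry is how the portal's Azure-datacenters option is stored.
            findings.append("0.0.0.0 present: accepts connections from Azure datacenters")
        elif net.prefixlen == 0:
            findings.append(f"{entry} covers the whole address space")
    return findings

def audit(accounts):
    """Map account name -> findings, for failing accounts only."""
    results = {a["name"]: audit_account(a) for a in accounts}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_ACCOUNTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```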

REMEDIATION

Azure Console

  1. Go to Azure Cosmos DB
  2. For each Cosmos DB account
  3. Click on Firewall and virtual networks
  4. Select 'Selected Networks'
  5. Under Firewall, add IP ranges to allow access from the internet or your on-premises networks

Azure Cosmos DB

Azure Cosmos DB is a fully managed database service with turnkey global distribution and transparent multi-master replication. You can run globally distributed, low-latency operational and analytics workloads and AI on transactional data within your database.

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • Azure CloudGuard CheckUp
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset