Control: Azure > Cosmos DB > Database Account > Key Based Metadata Write Access

Define the Key Based Metadata Write Access settings required for Azure > Cosmos DB > Database Account.

This control checks whether key-based metadata write access is enabled or disabled for Azure Cosmos DB Database Accounts. If the setting does not match the policy requirements, the control will go to an alarm state. If the policy is set to "Enforce: Disabled" or "Enforce: Enabled", the control will attempt to configure the key-based metadata write access setting accordingly.

Resource Types

This control targets the following resource types:

Azure > Cosmos DB > Database Account

Policies

The following policies can be used to configure this control:

Azure > Cosmos DB > Database Account > Key Based Metadata Write Access

Permissions

Cloud permissions used by this control and its actions:

microsoft.documentdb/databaseaccounts/write

In Your Workspace

Developers

Control Type URI

tmod:@turbot/azure-cosmosdb#/control/types/databaseAccountKeyBasedMetadataWriteAccess

Category URI

tmod:@turbot/turbot#/control/categories/security

GraphQL

query controlType(id: "tmod:@turbot/azure-cosmosdb#/control/types/databaseAccountKeyBasedMetadataWriteAccess") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/azure-cosmosdb#/control/types/databaseAccountKeyBasedMetadataWriteAccess'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/azure-cosmosdb#/control/types/databaseAccountKeyBasedMetadataWriteAccess"