I am using a Spring Boot application which is deployed to AKS.
The application connects to Azure Cosmos DB. The connection details are provided in application.yml.
I am trying to get rid of the connection URL and introduce Cosmos DB managed identity (system/user).
Any idea or link to help out with how to connect Spring Boot with Cosmos managed identity?
• Azure Cosmos DB supports managed identity access at the system level as well as the user-assigned level. Thus, you can configure managed identity access to Azure Cosmos DB through a Spring Boot application hosted in an Azure AKS cluster by configuring the managed identity for the configured Spring Boot app as below: -
Go to your Cosmos DB account > Settings > Identity > System assigned, or User assigned > Save. You can also set Azure Active Directory-based role assignments on the Cosmos DB account as well.
• If you access your hosted Spring Boot app in AKS and retrieve the service principal ID for assigning a system managed identity through role assignment to Azure Cosmos DB for managed identity access, you can use the following command to assign the service principal to a parameter, then assign a response, content and ARMToken parameter, and then use the access token retrieved earlier to get the access keys to access the Cosmos DB.
Note: - Below is a sample command to assign a service principal to a parameter
# Read the principal ID of the VM's system-assigned managed identity into a variable
$spID = (Get-AzVM -ResourceGroupName myRG -Name myVM).Identity.PrincipalId

# Grant that principal the reader role on the Cosmos DB account (fill in the <...> placeholders)
New-AzRoleAssignment -ObjectId $spID -RoleDefinitionName "Cosmos DB Account Reader Role" -Scope "/subscriptions/<mySubscriptionID>/resourceGroups/<myResourceGroup>/providers/Microsoft.DocumentDb/databaseAccounts/<COSMOS DB ACCOUNT NAME>"
Please find the below link for more information: -
https://docs.microsoft.com/en-us/azure/cosmos-db/managed-identity-based-authentication
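As an added example (not from the question or the answer above) of the Spring Boot side, this configuration class builds the Cosmos client from a token credential instead of a key-bearing connection URL, so no account key has to reach the application at all. It assumes the azure-cosmos and azure-identity dependencies on the classpath, a cosmos.endpoint value in application.yml, and a Cosmos DB data-plane (SQL API) role assigned to the pod's managed identity; the optional cosmos.identity-client-id property (an assumed name) selects a user-assigned identity.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.cosmos.CosmosClient;
import com.azure.cosmos.CosmosClientBuilder;
import com.azure.identity.DefaultAzureCredentialBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CosmosIdentityConfig {

    // Only the account endpoint is configured; no key or connection string (assumed property name)
    @Value("${cosmos.endpoint}")
    private String endpoint;

    // Empty for a system-assigned identity; the client ID of a user-assigned identity otherwise
    @Value("${cosmos.identity-client-id:}")
    private String identityClientId;

    @Bean
    public TokenCredential cosmosCredential() {
        DefaultAzureCredentialBuilder builder = new DefaultAzureCredentialBuilder();
        if (!identityClientId.isBlank()) {
            // Pin to one user-assigned identity when several identities are attached to the node or pod
            builder.managedIdentityClientId(identityClientId);
        }
        // On AKS this resolves to the managed identity at runtime; on a developer machine to the Azure CLI login
        return builder.build();
    }

    @Bean
    public CosmosClient cosmosClient(TokenCredential cosmosCredential) {
        return new CosmosClientBuilder()
                .endpoint(endpoint)
                .credential(cosmosCredential) // Azure AD token auth against the data plane, no master key
                .buildClient();
    }
}
```

With this wiring the ARM-side key retrieval described in the answer is no longer needed; the role assignment on the Cosmos DB account is the only thing that has to exist before the pod starts.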