Using Managed Identities to authenticate with Azure Cosmos DB

We can make authenticated calls to Cosmos DB using System Assigned Managed Identities instead of using connection strings.

Will Velida
Mar 25, 2022

In Azure, Managed Identities provide our Azure resources with an identity within Azure Active Directory. We can use this identity to authenticate with any service in Azure that supports Azure AD authentication without having to manage credentials. In Azure Cosmos DB, we can use managed identities to provide resources with the roles and permissions required to perform actions on our data (depending on what role we provide the identity) without having to use any connection strings or access keys to do so.

In this post, I’ll show you how we can use Managed Identities to access our data in Azure Cosmos DB via an Azure Function. We will cover:

  • Why we would use a Managed Identity over a connection string.
  • How we can create a Cosmos DB account with a System-Assigned Managed Identity with Bicep.
  • How we can create an Azure Function with a System-Assigned Managed Identity with Bicep.
  • How we can create role assignments in Bicep.
  • How we can configure our CosmosClient to use our Managed Identity.
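As an added illustration (not code from this article), the Bicep below grants a Function App's system-assigned identity data-plane access to a Cosmos DB account. It goes one step beyond the outline above by also setting `disableLocalAuth`, so the account rejects keys and connection strings entirely. The parameter names and API versions are assumptions, and the Function App is assumed to exist already with its system-assigned identity enabled.

```bicep
// Added example, not the article's code. Parameter names and API versions are assumptions.
param location string = resourceGroup().location
param cosmosAccountName string
param functionAppName string // existing Function App, system-assigned identity already enabled

// Built-in "Cosmos DB Built-in Data Contributor" data-plane role.
var dataContributorRoleId = '00000000-0000-0000-0000-000000000002'

resource functionApp 'Microsoft.Web/sites@2022-03-01' existing = {
  name: functionAppName
}

resource cosmos 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
  name: cosmosAccountName
  location: location
  kind: 'GlobalDocumentDB'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    databaseAccountOfferType: 'Standard'
    locations: [
      {
        locationName: location
        failoverPriority: 0
      }
    ]
    // Reject account keys and connection strings; the data plane accepts only Azure AD tokens.
    disableLocalAuth: true
  }
}

// Data-plane RBAC assignment: binds the Function App's identity to the role on this account.
resource roleAssignment 'Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments@2023-04-15' = {
  parent: cosmos
  name: guid(dataContributorRoleId, functionApp.id, cosmos.id)
  properties: {
    roleDefinitionId: '${cosmos.id}/sqlRoleDefinitions/${dataContributorRoleId}'
    principalId: functionApp.identity.principalId
    scope: cosmos.id
  }
}
```

For least privilege, `scope` can be narrowed to a single database or container path under the account, and the built-in Data Reader role (`00000000-0000-0000-0000-000000000001`) can replace the contributor role when the function only reads.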

Written by Will Velida

Lead Software Engineer at Azenix | Ex-MSFT | International Conference Speaker. | GitHub: https://github.com/willvelida
