Use the Azure portal to add Azure Cosmos DB service principal

For successful deployment into an existing virtual network, Azure Managed Instance for Apache Cassandra requires the Azure Cosmos DB service principal with a role (such as Network Contributor) that allows the action Microsoft.Network/virtualNetworks/subnets/join/action. In some circumstances, you might be required to add these permissions manually. This article shows you how to use the Azure portal to assign the Azure Cosmos DB service principal.

Add Azure Cosmos DB service principal

1. Sign in to the Azure portal.

2. Go to the target virtual network in your subscription, select Access control (IAM), and then select Add role assignment.

   

3. Search for the Network Contributor role, highlight it, and then select the Members tab.

   

   Note

   You don't need to have a role with permissions as expansive as Network Contributor. This example is used for simplicity. You can also create a customer role with narrower permissions, as long as it allows the action Microsoft.Network/virtualNetworks/subnets/join/action.

4. Ensure that User, group, or service principal is selected for Assign access to. Then click Select members to search for the Azure Cosmos DB service principal. Select it in the pane on the right.

   

5. Select the Review + assign tab, and then select Review + assign. The Azure Cosmos DB service principal is now assigned.

   

Related content

In this article, you learned how to assign the Azure Cosmos DB service principal with an appropriate role to a virtual network, to allow managed Cassandra deployments. Learn more about Azure Managed Instance for Apache Cassandra with the following articles:

• Overview of Azure Managed Instance for Apache Cassandra
• Manage Azure Managed Instance for Apache Cassandra resources by using the Azure CLI