Ensure that automatic failover is enabled for Azure CosmosDB Account

MEDIUM

Description

If automatic failover is disabled, a regional disaster can impact data in the Azure Cosmos DB account.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Cosmos DB.
  2. Select the Cosmos DB account you wish to edit.
  3. Under Settings, choose Replicate data globally.
  4. Enable and configure as needed.

In Terraform -

  1. In the azurerm_cosmosdb_account resource, set enable_automatic_failover to true.

References:
https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#enable_automatic_failover

Policy Details

Rule Reference ID: AC_AZURE_0347
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: Cosmos DB Account

Frameworks