Skip to content

Governance Transforms Cosmos Db

Jump to bottom
Joshua Davis edited this page Apr 6, 2026 · 2 revisions

Cosmos Db

Automatic corrections for Cosmos DB ARM schema fabrications

Domain: data

Checks (2)

Check Description
TFM-CDB-001 Replace capacityMode with EnableServerless capability
TFM-CDB-002 Inject backupPolicy for serverless Cosmos DB accounts

TFM-CDB-001

Replace capacityMode with EnableServerless capability

Rationale: The Cosmos DB ARM schema does not have a capacityMode property. Setting it is silently ignored and serverless mode is not activated. The correct pattern uses capabilities with EnableServerless.
Agents: terraform-agent, bicep-agent

Targets

  • Microsoft.DocumentDB/databaseAccounts

Type: Regex
Search: 'capacityMode\s*=\s*"[Ss]erverless"'
Replace: 'capabilities = [{ name = "EnableServerless" }]'

TFM-CDB-002

Inject backupPolicy for serverless Cosmos DB accounts

Rationale: Serverless Cosmos DB accounts require backupPolicy.type = Continuous. ARM rejects Periodic for serverless, and omitting backupPolicy entirely causes undefined behavior on some API versions.
Agents: terraform-agent, bicep-agent

Targets

  • Microsoft.DocumentDB/databaseAccounts

Type: Regex
Search: '(capabilities\s*=\s*\[\s*\{\s*name\s*=\s*"EnableServerless"\s*\}\s*\])(?!\s*\n\s*backupPolicy)'
Replace: '\1 backupPolicy = { type = "Continuous" continuousModeProperties = { tier = "Continuous7Days" } } '

Home

Getting Started

Stages

Interfaces

Configuration

Agent System

Features

Quality

Help

Governance

Policies — Azure

AI Services

Compute

Data Services

Identity

Management

Messaging

Monitoring

Networking

Security

Storage

Web & App

Policies — Well-Architected

Reliability

Security

Cost Optimization

Operational Excellence

Performance Efficiency

Integration

Anti-Patterns
Standards

Application

IaC

Principles

Transforms

Clone this wiki locally