Forum Discussion

nitinrahim's avatar
nitinrahim
Brass Contributor
Sep 28, 2023

Azure Synapse Link for Cosmos Db

Hi Azure Cosmos Db Team,   When accessing Cosmos Db with private endpoint from serverless sql pools in synapse workspace, I was getting the below error. Resolving CosmosDB path has failed with err...
nitinrahim's avatar
nitinrahim
Brass Contributor
Oct 02, 2023
Hi Team,

Was just following up to see if the team has any inputs regarding the same?

With Regards,
Nitin Rahim
SaranyaSriram's avatar
SaranyaSriram
Icon for Microsoft rankMicrosoft
Oct 03, 2023

nitinrahim 

 

The steps are documented here https://learn.microsoft.com/en-us/azure/cosmos-db/analytical-store-private-endpoints#using-synapse-serverless-sql-pools

We should add synapse workspace to networkaclbypasslist. SQL serverless in Synapse is not in a managed VNet. We cant extend PrivateEndpoints to SQL serverless. Customer should allow Synapse WorkSpace to access Cosmos DB account by specifying the WS name in networkaclbypass list. 

  • nitinrahim's avatar
    nitinrahim
    Brass Contributor
    Oct 03, 2023

    Thanks Saranya for the response.I did that particular step as well. However I still get the access forbidden message when running the below query from serverless sql pool to access the test1 container. Was checking if the private endpoint from cosmos db for 'analytical store' also has to be setup?If yes is there a specific documentation pertaining to the same. Synapse Link has been enabled for this contaner.

    SELECT *
    FROM OPENROWSET(​PROVIDER = 'CosmosDB',
    CONNECTION = 'Account=testaccount;Database=testdatabase',
    OBJECT = 'testcontainer',
    SERVER_CREDENTIAL = 'testcredential')
    AS [testcontainer]

    With Regards,
    Nitin Rahim

    • AnithaA's avatar
      AnithaA
      Copper Contributor
      Oct 03, 2023
      Hi Nitin, I am a PM In Cosmos DB team, working on Synapse Link. Sorry for the inconvenience you are facing. Could you please share the network acl bypass command you've set? Are Cosmos DB account and Synapse WS in same AD tenant? You've mentioned test1container in the msg and the select command seems to be connecting to testcontainer - are they from the same account on which you've set the aclbypass?
      • nitinrahim's avatar
        nitinrahim
        Brass Contributor
        Oct 03, 2023

        Hi Anitha,

        Thank you for your response.

        The names mentioned in the query are just a reference. Made sure correct parameters are being used in the select statement while development in the same account. Please find below the network acl bypass command i set from Azure Powershell.Mycosmosdatabase is the cosmosdatabsename,MyResourceGroupofcosmosdatabase is the resource group of the cosmos database and Myworkspacename is the synpase workspace name.Not actual names used but for documenting here.Also Anitha, the cosmos database and the Synapse workspace are in the same tenant.


        Update-AzCosmosDBAccount -Name Mycosmosdatabase -ResourceGroupName MyResourceGroupofcosmosdatabase -NetworkAclBypass AzureServices -NetworkAclBypassResourceId "/subscriptions/subId/resourceGroups/rgName/providers/Microsoft.Synapse/workspaces/Myworkspacename"


        With Regards,
        Nitin Rahim

Resources