Advanced Features

Learn how to fine-tune the network and physical partitions for advanced and demanding scenarios.

Introduction

In this lesson, we’ll take a quick look at some advanced topics that can help us improve security and reduce cost when running Cosmos DB in production.

Materialized views

Sometimes, we might need to query the same data differently, which usually means a different partition key. If we frequently query without a partition key, we get poor performance and high cost. The only solution might be duplicating the data in a different container with a new partition key and keeping the copy in sync.

Instead of doing this manually, we can now use the Materialized Views feature, currently in preview. We specify the source container and the query, along with the target container and its partition key.

This way, we don’t need to think about the sync at all, and we can monitor the process from the portal!

{
  "location": "<write-region>",
  "tags": {},
  "properties": {
    "resource": {
      "id": "<target-container>",
      "partitionKey": {
        "paths": [
          "<target-partitionkey-path>"
        ],
        "kind": "Hash"
      },
      "materializedViewDefinition": {
        "sourceCollectionId": "<source-container>",
        "definition": "<query>"
      }
    },
    "options": {
      "throughput": "<target-throughput>"
    }
  }
}
Request to create a materialized view

Infrastructure security

On top of good practices for securing access to a database, like using Azure Key Vault or RBAC, we can also restrict physical access and get notified of suspicious activity.

Network allowlist and firewall

The first thing to do is to limit access to our Cosmos DB account to selected networks. In the “Networking” section, we can allowlist the networks or IP addresses that can access the database.

Firewall configuration from the Azure portal
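
The allowlist configured in the “Networking” section can also be reviewed offline. This added example is not part of the original lesson: it audits an account's network settings for entries that widen the allowlist more than intended. The sample dictionary is constructed and assumed to use the field names that `az cosmosdb show` prints (`ipRules`, `virtualNetworkRules`, `publicNetworkAccess`); the /24 review threshold is also an assumption.

```python
import ipaddress

# Constructed sample, shaped like `az cosmosdb show` output (all values are made up).
SAMPLE_ACCOUNT = {
    "name": "example-account",
    "publicNetworkAccess": "Enabled",
    "virtualNetworkRules": [],
    "ipRules": [
        {"ipAddressOrRange": "203.0.113.10"},
        {"ipAddressOrRange": "198.51.100.0/22"},
        {"ipAddressOrRange": "0.0.0.0"},
    ],
}

MIN_PREFIX = 24  # assumption: ranges wider than /24 deserve a manual review


def audit_network_rules(account, min_prefix=MIN_PREFIX):
    """Return a list of findings about the account's network allowlist."""
    findings = []
    if account.get("publicNetworkAccess", "Enabled") == "Disabled":
        return findings  # public endpoint is off, so IP rules are not in play
    ip_rules = [r["ipAddressOrRange"] for r in account.get("ipRules") or []]
    vnet_rules = account.get("virtualNetworkRules") or []
    if not ip_rules and not vnet_rules:
        findings.append(
            "no IP or virtual network rules: nothing restricts the public endpoint"
        )
    for rule in ip_rules:
        if rule == "0.0.0.0":
            # Entry written by the portal option that accepts connections
            # from within public Azure datacenters.
            findings.append("0.0.0.0: any Azure-hosted client is allowed")
            continue
        net = ipaddress.ip_network(rule, strict=False)
        if net.prefixlen < min_prefix:
            findings.append(f"{rule}: wide range ({net.num_addresses} addresses)")
    return findings


if __name__ == "__main__":
    for finding in audit_network_rules(SAMPLE_ACCOUNT):
        print("REVIEW:", finding)
```
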

Azure Private Link

...