Enable Cross-Region Replication for MongoDB Clusters

Risk Level: Medium (should be achieved)

To enforce cross-region disaster recovery (DR) protection and read scalability across Azure cloud regions, ensure that the Cross-Region Replication feature is enabled and configured for your Microsoft Azure Cosmos DB for MongoDB clusters.

Reliability
Performance efficiency

Cross-region replication enables the asynchronous copying of data from your primary Azure Cosmos DB for MongoDB cluster to a read-only replica in a different Azure cloud region. In the event of a regional outage, this replica can be promoted to a new read-write primary cluster, allowing applications to maintain their existing connection strings for continuous operation.


Audit

To determine if cross-region replication is enabled for your Azure Cosmos DB for MongoDB clusters, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cosmos DB for MongoDB for Value, then choose Apply to list the Azure Cosmos DB accounts available in the selected subscription.

05 Click on the name (link) of the Azure Cosmos DB for MongoDB account that you want to examine.

06 In the resource navigation panel, under Settings, choose Global distribution to access the cross-region replication settings available for the selected Cosmos DB account.

07 On the Global distribution page, check the Read replica attribute value to identify the name of the read replica used by the selected cluster. If Read replica is set to Not Enabled and the following message is displayed: This cluster doesn't support cross-region replication, the Cross-Region Replication feature is not enabled for the selected Azure Cosmos DB for MongoDB cluster.

08 Repeat steps no. 5 – 7 for each Azure Cosmos DB account available in the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created within your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run cosmosdb mongocluster list command (Windows/macOS/Linux) with custom query filters to list the name and the associated resource group for each Azure Cosmos DB for MongoDB account available in the selected subscription:

az cosmosdb mongocluster list \
	--output table \
	--query '[*].{name:name, resourceGroup:resourceGroup}'

05 The command output should return the requested Cosmos DB account identifiers:

Name                          ResourceGroup
---------------------------   ------------------------------
cc-project5-cosmos-database   cloud-shell-storage-westeurope
cc-cosmos-mongodb-account     cloud-shell-storage-westeurope

06 Run az cosmosdb mongocluster show command (Windows/macOS/Linux) with the name of the Azure Cosmos DB for MongoDB account that you want to examine as the identifier parameter and custom output filters to describe the cross-region replication settings configured for the selected Cosmos DB account:

az cosmosdb mongocluster show \
	--cluster-name cc-project5-cosmos-database \
	--resource-group cloud-shell-storage-westeurope \
	--query 'properties.replica'

07 The command output should return the requested configuration information:

{
	"role": "Primary",
	"replicationState": "Active"
}

If the cosmosdb mongocluster show command output does not return "Primary" for "role" and "Active" for "replicationState", the Cross-Region Replication feature is not enabled for the selected Azure Cosmos DB for MongoDB cluster.

08 Repeat steps no. 6 and 7 for each Azure Cosmos DB account available within the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.
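
The CLI audit steps 01 to 09 above, combined into one loop over every subscription and cluster. This is an added example, not code from Trend Micro or Microsoft; it assumes a signed-in Azure CLI with the cosmosdb mongocluster commands available, and the function names and the ENABLED/NOT_ENABLED labels are chosen here for illustration.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): the CLI audit steps as one script.

TAB="$(printf '\t')"

# Rule from the page: the feature counts as enabled only when role is
# "Primary" and replicationState is "Active"; empty values are not enabled.
replica_status() {
  if [ "$1" = "Primary" ] && [ "$2" = "Active" ]; then
    echo "ENABLED"
  else
    echo "NOT_ENABLED"
  fi
}

# Steps 06-07: read one field of properties.replica for a cluster.
replica_field() {
  az cosmosdb mongocluster show --cluster-name "$1" --resource-group "$2" \
    --query "properties.replica.$3" --output tsv </dev/null
}

# Steps 03-08: emit "subscription<TAB>cluster<TAB>resource group<TAB>status".
audit_subscription() {
  az account set --subscription "$1" || return 1
  az cosmosdb mongocluster list \
    --query '[].[name, resourceGroup]' --output tsv |
  while IFS="$TAB" read -r name rg; do
    verdict=$(replica_status "$(replica_field "$name" "$rg" role)" \
                             "$(replica_field "$name" "$rg" replicationState)")
    printf '%s\t%s\t%s\t%s\n' "$1" "$name" "$rg" "$verdict"
  done
}

# Steps 01-09: every subscription visible to the signed-in identity.
audit_all() {
  az account list --query '[].id' --output tsv |
  while read -r sub; do
    audit_subscription "$sub" </dev/null
  done
}

# Keep only the clusters that fail the check, for a ticket or a CI gate.
findings() { grep "${TAB}NOT_ENABLED\$" || true; }

# Query Azure only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then
  audit_all | findings
fi
```

Run it with --run to print one tab-separated line per cluster that fails the check.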

Remediation / Resolution

To enable cross-region replication for your Microsoft Azure Cosmos DB for MongoDB accounts, perform the following operations:

Enabling cross-region replication for Microsoft Azure Cosmos DB for MongoDB accounts using Azure Command Line Interface (Azure CLI) is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cosmos DB for MongoDB for Value, then choose Apply to list the Azure Cosmos DB accounts available in the selected subscription.

05 Click on the name (link) of the Azure Cosmos DB for MongoDB account that you want to configure.

06 In the resource navigation panel, under Settings, choose Global distribution to access the cross-region replication settings available for the selected Cosmos DB account.

07 On the Global distribution page, choose + Add new read replica, and perform the following actions to set up cross-region replication for the selected MongoDB cluster:

  1. Provide a unique name for the necessary replica in the Read replica name box.
  2. Select the appropriate region from the Read replica region dropdown list. The replica cluster is hosted in the selected Azure cloud region.
  3. Choose Save to confirm replica creation.
  4. (Optional) To promote the cluster replica, choose Promote, and select Promote again for confirmation. After the cluster replica is promoted, it becomes a readable and writable MongoDB cluster.

08 Repeat steps no. 5 – 7 for each Azure Cosmos DB account that you want to configure, available in the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created within your Microsoft Azure cloud account.

Publication date May 28, 2025