Databases
Azure provides fully managed databases — relational and NoSQL — that handle patching, backups, high availability, and scaling.
Azure SQL
Section titled “Azure SQL”Azure SQL is the managed version of Microsoft SQL Server. It comes in three deployment options:
| Option | What It Is | Best For |
|---|---|---|
| Azure SQL Database | Single database (serverless or provisioned) | New cloud-native apps |
| Elastic Pool | Multiple databases sharing resources | SaaS apps (one DB per tenant) |
| SQL Managed Instance | Near-complete SQL Server compatibility | Lift-and-shift of on-prem SQL Server |
Creating an Azure SQL Database
Section titled “Creating an Azure SQL Database”# Create a server (logical container for databases)az sql server create \ --resource-group myapp-rg \ --name my-sql-server \ --admin-user sqladmin \ --admin-password 'S3cure!Pass123'
# Create a databaseaz sql db create \ --resource-group myapp-rg \ --server my-sql-server \ --name myappdb \ --edition GeneralPurpose \ --compute-model Serverless \ --auto-pause-delay 60 \ --min-capacity 0.5
# Allow Azure services to connectaz sql server firewall-rule create \ --resource-group myapp-rg \ --server my-sql-server \ --name AllowAzure \ --start-ip-address 0.0.0.0 \ --end-ip-address 0.0.0.0Service Tiers
Section titled “Service Tiers”| Tier | Compute | Best For |
|---|---|---|
| General Purpose | Balanced (standard SSD) | Most workloads |
| Business Critical | High IOPS (local SSD, built-in read replica) | Low-latency, mission-critical |
| Hyperscale | Scale up to 100 TB, near-instant backups, up to 4 read replicas | Very large databases |
Serverless Compute
Section titled “Serverless Compute”Azure SQL’s serverless tier auto-scales and can pause when idle:
No activity ──► Auto-pause (60 min default) ──► $0 compute cost │Traffic arrives ──► Auto-resume (~1 min) ──► Scale upYou pay for storage when paused, but not compute. Great for dev/test and variable workloads.
High Availability
Section titled “High Availability”| Tier | HA Method | Failover |
|---|---|---|
| General Purpose | Remote storage replicas | Managed failover (~30s) |
| Business Critical | Always On (local replicas, built-in read) | Automatic (~30s) |
| Hyperscale | Multiple compute replicas | Automatic, read replicas always available |
Geo-Replication
Section titled “Geo-Replication”# Create a readable geo-replica in another regionaz sql db replica create \ --resource-group myapp-rg \ --server my-sql-server \ --name myappdb \ --partner-server my-sql-server-eu \ --partner-resource-group myapp-eu-rgUse auto-failover groups for automatic DNS-based failover between regions.
Security
Section titled “Security”| Feature | How to Enable |
|---|---|
| Private endpoint | Access via private IP in your VNet |
| Encryption at rest | Transparent Data Encryption (TDE) — on by default |
| Encryption in transit | TLS — enforced by default |
| Azure AD authentication | Login with Entra ID instead of SQL credentials |
| Dynamic data masking | Mask sensitive columns from non-privileged users |
| Auditing | Log all database operations to Storage or Log Analytics |
| Advanced Threat Protection | Detect SQL injection, anomalous access |
Cosmos DB
Section titled “Cosmos DB”Azure Cosmos DB is a globally distributed, multi-model NoSQL database. It’s Azure’s answer to DynamoDB — but more flexible, supporting multiple APIs and data models.
APIs (Data Models)
Section titled “APIs (Data Models)”| API | Data Model | When to Use |
|---|---|---|
| NoSQL (native) | JSON documents | New apps, most flexible |
| MongoDB | MongoDB-compatible documents | Migrating from MongoDB |
| Cassandra | Wide-column | Migrating from Cassandra |
| Gremlin | Graph | Social networks, knowledge graphs |
| Table | Key-value | Migrating from Azure Table Storage |
| PostgreSQL | Relational (distributed) | Distributed PostgreSQL (Citus) |
Core Concepts
Section titled “Core Concepts”Cosmos DB Account └── Database: myapp └── Container: orders (like a table/collection) ├── Item: {id: "1", customer: "alice", amount: 50} ├── Item: {id: "2", customer: "bob", amount: 30} └── Partition key: /customer| Concept | What It Is |
|---|---|
| Account | Top-level resource. Choose API, regions, and consistency. |
| Database | Logical grouping of containers. |
| Container | Where data lives (like a table). Has a partition key and throughput. |
| Item | A single document/row (up to 2 MB). |
| Partition key | Determines data distribution. Choose a high-cardinality key. |
Creating a Cosmos DB Container
Section titled “Creating a Cosmos DB Container”# Create accountaz cosmosdb create \ --name mycosmosacct \ --resource-group myapp-rg \ --locations regionName=eastus failoverPriority=0 \ --locations regionName=westeurope failoverPriority=1
# Create databaseaz cosmosdb sql database create \ --account-name mycosmosacct \ --resource-group myapp-rg \ --name myapp
# Create containeraz cosmosdb sql container create \ --account-name mycosmosacct \ --resource-group myapp-rg \ --database-name myapp \ --name orders \ --partition-key-path /customer \ --throughput 400Throughput Models
Section titled “Throughput Models”| Model | How It Works | Best For |
|---|---|---|
| Provisioned | Set RU/s (Request Units per second) | Predictable traffic |
| Autoscale | Scales between min and max RU/s | Variable traffic |
| Serverless | Pay per request (no provisioned RU/s) | Dev/test, low/intermittent traffic |
Request Units (RU): A single point read (1 KB item by ID + partition key) costs 1 RU. Writes cost ~5-10 RU. Complex queries cost more.
Global Distribution
Section titled “Global Distribution”Cosmos DB’s killer feature — multi-region, active-active replication with single-digit ms latency:
Write in East US ──► replicate ──► West Europe (read replica) ──► Southeast Asia (read replica)Enable multi-region writes for active-active (writes in any region).
Consistency Levels
Section titled “Consistency Levels”| Level | Guarantee | Latency | Use Case |
|---|---|---|---|
| Strong | Linearizable (latest write always) | Highest | Financial transactions |
| Bounded staleness | Reads lag by at most N versions or T time | High | Leaderboards, metrics |
| Session (default) | Read-your-own-writes within a session | Moderate | Most applications |
| Consistent prefix | Reads are in order but may lag | Low | Chat, activity feeds |
| Eventual | No ordering guarantee | Lowest | Counters, non-critical |
Python SDK Example
Section titled “Python SDK Example”from azure.cosmos import CosmosClient
client = CosmosClient("https://mycosmosacct.documents.azure.com", credential)database = client.get_database_client("myapp")container = database.get_container_client("orders")
# Createcontainer.upsert_item({ "id": "order-001", "customer": "alice", "amount": 49.99, "status": "shipped"})
# Read (point read — 1 RU)item = container.read_item("order-001", partition_key="alice")
# Queryresults = container.query_items( "SELECT * FROM orders o WHERE o.customer = @customer AND o.amount > @min", parameters=[ {"name": "@customer", "value": "alice"}, {"name": "@min", "value": 20} ], partition_key="alice")Azure Database for PostgreSQL / MySQL
Section titled “Azure Database for PostgreSQL / MySQL”Managed PostgreSQL and MySQL — equivalent to AWS RDS.
Deployment Options
Section titled “Deployment Options”| Option | What It Is | Best For |
|---|---|---|
| Flexible Server (recommended) | Zone-redundant HA, burstable compute, stop/start | Most workloads |
| Single Server (legacy) | Basic managed PostgreSQL/MySQL | Existing deployments |
Creating a PostgreSQL Flexible Server
Section titled “Creating a PostgreSQL Flexible Server”az postgres flexible-server create \ --resource-group myapp-rg \ --name my-postgres \ --admin-user pgadmin \ --admin-password 'S3cure!Pass123' \ --sku-name Standard_D2s_v3 \ --tier GeneralPurpose \ --storage-size 128 \ --version 16 \ --high-availability ZoneRedundantKey Features
Section titled “Key Features”| Feature | Detail |
|---|---|
| HA | Zone-redundant (standby in another AZ, automatic failover) |
| Read replicas | Up to 10 replicas (async, cross-region supported) |
| Backups | Automatic daily, 7–35 day retention, point-in-time restore |
| Stop/Start | Pause dev servers to save costs |
| VNet integration | Private access via VNet (no public IP) |
| Entra ID auth | Authenticate with managed identities |
Choosing a Database
Section titled “Choosing a Database”| Scenario | Choose |
|---|---|
| SQL Server migration / .NET ecosystem | Azure SQL |
| PostgreSQL or MySQL workload | Azure Database for PostgreSQL/MySQL |
| Global distribution, multi-model NoSQL | Cosmos DB |
| Key-value at massive scale, simple access | Cosmos DB (NoSQL API) |
| Document database (MongoDB compatible) | Cosmos DB (MongoDB API) |
| Graph queries | Cosmos DB (Gremlin API) |
| In-memory caching | Azure Cache for Redis |
| Data warehouse / analytics | Azure Synapse Analytics |
Key Takeaways
Section titled “Key Takeaways”- Azure SQL is managed SQL Server. Use the serverless tier for variable workloads (auto-pause saves costs). Business Critical tier for low-latency production.
- Cosmos DB is globally distributed NoSQL with multiple APIs. Choose the right consistency level and partition key. Pay per RU.
- Azure Database for PostgreSQL/MySQL (Flexible Server) is the equivalent of AWS RDS — zone-redundant HA, read replicas, point-in-time restore.
- Use Private Endpoints to access databases over private IPs. Use Entra ID authentication where supported.
- Always enable encryption at rest, automated backups, and restrict access via NSGs or Private Endpoints.