Imagine you have joined a company that has been migrating to the cloud. The migration has happened organically across different sectors of the company, so nobody has a clear picture of what has been created or where everything is. It is hard to determine who owns which resources. In some cases critical resources have been removed by accident, and there is no mechanism to handle any of this. Your task is to bring some order to your resources. Azure Resource Manager (ARM) is the best option for doing so. It has many features for organizing resources, managing standards and protecting critical Azure resources from accidental deletion. Today, I will walk through these features.
What are Resource Groups?
Resource groups are a basic building block of the Azure platform. A resource group is a logical container for the resources deployed on Azure. A resource is anything you create in an Azure subscription. Every resource must be in a resource group, and a resource can be a member of only one resource group. Resources can be moved between resource groups at any time. Resource groups cannot be nested. You can create a resource group using the following methods:
- Azure Portal
- Azure CLI
- Azure PowerShell
- Resource Manager Templates
- SDKs
With resource groups, your resources are better organized than before. But what if resources serve multiple purposes? How do you search, filter and organize them more effectively? Tags are helpful when you want to improve resource filtering.
What are Tags?
Tags are name/value pairs of text data that you can apply to resources and resource groups to add custom details. A resource can have up to 15 tags. Tag names are limited to 512 characters for all resource types except storage accounts, where they are limited to 128 characters. For all resource types, tag values are limited to 256 characters. Not all resource types support tags. Tags are not inherited from the parent resource, so you need to apply them to every supported resource that you want tagged.
Tags can be handled through the following methods:
- Azure Portal
- Azure CLI
- Azure PowerShell
- Resource Manager Templates
- REST API
You have organized your resources into resource groups and applied tags to them, but how do you make sure your resources follow the rules? Let's see how Azure Policy can help.
What is Azure Policy?
Azure Policy is a service for creating, assigning and managing policies. Policies are the rules that your resources need to follow. For example, a policy can allow only certain types of resources to be created, allow resources to be deployed only in a specific zone, enforce a naming standard, and much more. Policies can be created and assigned through the following methods:
- Azure Portal
- Azure CLI
- Azure PowerShell
Now, how do you assign roles to someone who needs to manage settings, someone who should have read-only access, and someone who needs full control? Role-Based Access Control (RBAC) meets this requirement.
What is Role-Based Access Control (RBAC)?
Role-Based Access Control grants users the specific permissions they need to perform their jobs. It is considered a core service and is free of charge at all subscription levels. RBAC uses an allow model for access: it lets you permit specific actions such as reading, writing or deleting.
Now suppose you are cleaning up unnecessary resources and you accidentally delete your main Azure instance, for example a resource group. That could put your organization's future in danger. Resource Locks exist to prevent this type of incident.
What are Resource Locks?
A Resource Lock is a setting, not a resource. Some people think of it as a resource, but it is a setting that can be applied to any resource to prevent modification or deletion. Locks can be applied to subscriptions, resource groups and individual resources, and they are inherited. Once a lock is in place, if you want to delete a locked resource group, or any resource inside a resource group that is locked, you must first remove the lock, even if you are the owner of the resource or resource group.
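To make the tag and lock rules above concrete, here is an added example (not part of the original post and not Azure's own code) that models lock inheritance and checks an inventory for unowned resources and for critical resources with no lock. The subscription ID, resource names, the `owner` and `critical` tag keys and the inventory layout are all constructed assumptions; `CanNotDelete` and `ReadOnly` are the two lock levels Azure provides.

```python
# Constructed inventory: scopes, names and tag keys are illustrative only.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LOCKS = {  # scope -> lock level (CanNotDelete or ReadOnly)
    SUB + "/resourceGroups/rg-prod": "CanNotDelete",
    SUB + "/resourceGroups/rg-shared/providers/Microsoft.Storage/storageAccounts/stlogs": "ReadOnly",
}
RESOURCES = [
    {"id": SUB + "/resourceGroups/rg-prod/providers/Microsoft.Sql/servers/sql-orders",
     "tags": {"owner": "payments", "critical": "true"}},
    {"id": SUB + "/resourceGroups/rg-shared/providers/Microsoft.Storage/storageAccounts/stlogs",
     "tags": {"critical": "true"}},
    {"id": SUB + "/resourceGroups/rg-shared/providers/Microsoft.KeyVault/vaults/kv-shared",
     "tags": {"owner": "platform", "critical": "true"}},
    {"id": SUB + "/resourceGroups/rg-dev/providers/Microsoft.Web/sites/app-test",
     "tags": {}},
]


def effective_locks(resource_id, locks):
    """Locks set on the resource itself or inherited from a parent scope."""
    rid = resource_id.lower()  # ARM resource IDs are case-insensitive
    return sorted(
        (scope, level) for scope, level in locks.items()
        if rid == scope.lower() or rid.startswith(scope.lower() + "/")
    )


def delete_blocked(resource_id, locks):
    """Both lock levels block deletion; ReadOnly also blocks modification."""
    return bool(effective_locks(resource_id, locks))


def short_name(resource):
    """Last segment of the resource ID."""
    return resource["id"].rsplit("/", 1)[-1]


def audit(resources, locks):
    """Report resources with no owner tag and critical resources with no lock."""
    return {
        "no_owner": [short_name(r) for r in resources if not r["tags"].get("owner")],
        "critical_unlocked": [
            short_name(r) for r in resources
            if r["tags"].get("critical") == "true" and not delete_blocked(r["id"], locks)
        ],
    }


if __name__ == "__main__":
    print(audit(RESOURCES, LOCKS))
```

Note that `kv-shared` is reported as unlocked even though a sibling resource in the same group carries a lock: inheritance flows down from a parent scope, never sideways.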
I hope you found this blog post helpful. For any queries, feel free to contact me.