Azure Resource Groups
- Roger Cruz
Intro
Resource Groups are a logical container for Azure resources
Â
Documentation
Tips And Tidbits
Â
Resource groups are logical containers into which Azure resources are deployed and managed.
Resource groups have their own location (region) assigned.
This region is where the metadata is stored.
Resources in the resource group can be in different regions.
If the resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable.
All resources must be in a resource group
A resource can only be a member of a single resource group.
Each resource must be in one, and only one, resource group.
Resources can be moved between resource groups with some services having specific limitations or requirements to move.
Resource groups can't be nested.
If you delete a resource group, all resources contained within are also deleted.
At the resource group level, you can assign Azure policies, Azure roles, and resource locks. Resource locks prevent unexpected changes to critical resources.
Since resource groups are a scope of RBAC, you can organize resources by who needs to administer them.
If a database administration team is responsible for managing all of your Azure SQL Database instances, putting them in the same resource group would simplify administration.Â
Placing resources in the same resource group is a way to group them for usage in billing reports
Resources can only exist in one resource group.
Resource Groups cannot be renamed.
Resource Groups can have resources of many different types (services).
Resource Groups can have resources from many different regions.
All the resources in your group should share the same lifecycle.
You deploy, update, and delete them together. If one resource, such as a database server, needs to exist on a different deployment cycle it should be in another resource group.
The resource group stores metadata about the resources.
Therefore, when you specify a location for the resource group, you're specifying where that metadata is stored.
For compliance reasons, you may need to ensure that your data is stored in a particular region.
When moving resources, both the source group and the target group are locked during the operation.
Write and delete operations are blocked on the resource groups until the move completes.
This lock means you can't add, update, or delete resources in the resource groups.
Locks don't mean the resources aren't available.
Just because a service can be moved doesn’t mean there aren’t restrictions.
For example, you can move a virtual network, but you must also move its dependent resources, like gateways.
Deploy A Resource Group Via A Template
Â
New-AzSubscriptionDeployment `
>> -Location $location `
>> -Name az30306subaDeployment `
>> -TemplateFile $HOME/azuredeploy30306suba.json `
>> -rgLocation $location `
>> -rgName 'az30306a-labRG'Â
Template source: https://github.com/MicrosoftLearning/AZ-303-Microsoft-Azure-Architect-Technologies/blob/master/Allfiles/Labs/06/azuredeploy30306suba.json
Â
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"rgName": {
"type": "string"
},
"rgLocation": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Resources/resourceGroups",
"apiVersion": "2018-05-01",
"name": "[parameters('rgName')]",
"location": "[parameters('rgLocation')]",
"properties": {}
}
],
"outputs": {}
}Â
Create A Resource Group Via AZ CLI
Â
az group create --name myResourceGroupVM --location eastus2