Azure resource group organization
As we saw in a previous section where we introduced Azure subscriptions, we noted that you must first define access and billing control when planning to create Azure resources. This will shape the subscription and resource group strategy; the order in which these should be created is the tenancy, then the subscription, then any management groups, and finally resource groups. Resource group organization is entirely subjective; it all depends on the organization’s decision on how resource groups will be used. Some may like to see location grouping and some resource groups as resource type groupings, such as networks or virtual machines. This is visualized in Figure 3.26 in this section.
Creating the required resource group requires planning to find the optimal way to organize all of the Azure resources logically; this will become increasingly important and critical as the environments grow to hundreds or thousands of resources. It is best to plan a strategy for both the logical grouping of resources and a naming convention to make identifying resources easier for management purposes.
The resource group is typically used to group all resources that share the same life cycle or have some form of dependency or the same access control and management requirements. The resources could be grouped by environments, by business unit, by region, or by any combination that seems an appropriate approach. The following diagram outlines the different methods that could be taken:
Figure 3.26 – Azure resource group organization
Individual resources can be deleted; the resource group itself can also be deleted, which will delete all the resources it contains. This is useful if there are many resources in the resource group that are no longer needed. This can also be very dangerous, as there may be resources in a resource group that are required to remain and are not to be deleted or did not mean to be deleted, oops!
There are governance controls that can be put in place, such as removing the ability to delete resource groups through RBAC, but locks can also prevent deletion. Locks will be covered in Chapter 9, Azure Governance, of this book.
This section introduced Azure resource group organization and planning. The following section provides some hands-on exercises to reinforce your knowledge and increase your skills.