Azure Governance Flashcards
Azure Governance for scopes
Allows for the organization of resources
Resource groups - are containers that group related resources
Management - allows us to target a specific scope such
Subscriptions - provide a billing boundary that allows for the monitoring of cost management for all the resources within a subscription
When they talk about governance
understand what you can and cannot do with resource groups such as:
You cannot nest resource groups
You cannot rename resource groups
You can move resources across various regions and subscriptions
Management group
There is a default management level that is assigned to your account
The default cannot be removed, as it is a part of Azure
Can create multiple subscriptions
You can create RBAC aligned to multiple scopes
Resource groups
All resources must be part of a resource group, and a resource can only be a member of a single resource group
Many resources can be moved between resource groups, with some services having specific limitations or requirements to move
Resource groups can't be nested or renamed
Azure locks
Prevents actions that can occur to the resources such as deleting or modifying.
Deletion lock: Authorized users can still read and modify a resource, but they can't delete the resource.
Read only: Authorized users can read a resource, but they can't delete or update the resource.
If a resource lock is at a resource group level then all the resources in that resource group will inherit that action.
Azure Resource tags
Provides metadata for Azure resources using name-value pairs
There are tag limitations:
Names must be 512 characters or less (124 for storage accounts)
Values must be 256 characters or less
Names can't contain
Limit of 50 tag name/value pairs for each resource, resource group or subscription
Tag values can be JSON strings. The string can contain many values that apply to a single name.
Configure Azure Policies
Azure Policy allows you to create, assign and manage policies with different rules over different resources and scopes
Allows for the management of policy definitions and initiatives at various levels of scope.
Allows you to audit and enforce tags, such as:
Enforce tagging
Ensure your tagging policy is followed when resources are created
Apply naming conventions
Require resources to be provisioned with a naming convention you set
Restrict resource creation
Azure Policy can be used to ensure that only certain resources can be created.
Configure Management groups
Provides organizational alignment for Azure subscriptions through custom hierarchies and grouping
Enables targeting of policies and spend budgets across subscriptions, with inheritance down the hierarchies
Supports compliance and cost reporting by organization
The default management group is called the root management group, which cannot be changed or deleted. It's optional to use.
Manage costs by using alerts, budgets and recommendations
Remember that
Costs are resource specific
Usage costs may vary between locations
Costs for inbound and outbound data transfer differ
Prepay for Azure reserved instances to reduce costs
Use your on-prem licenses with Azure Hybrid Benefit
Use forecasted alerts to monitor if spending trends exceed your budget
View cost optimization recommendations through Advisor recommendations