Module 1c - Understanding Azure Architecture and Management - Resource Groups Flashcards
What is ARM?
Azure Resource Manager. The deployment and management service for Azure
Hint: you can define things…
What are some key advantages with ARM?
- Declarative JSON templates; easy infrastructure management
- Manage a single Resource or a group of them - Deploy and Redeploy easily and consistently
- Define dependencies between Resources for correct deployment order
- Apply RBAC (Role Based Access Control)
- Apply additional Tags/Tagging
How do you interact with ARM?
- Azure Portal
- Azure Powershell
- Azure CLI
- Azure Portal’s Cloud Shell
- Azure SDK
What are Resource Groups?
A group of Resources that share the same lifecycle. Those Resources deploy, update and get deleted when the Resouce Group gets deployed, updated and deleted.
Resources in one Resource Group can communicate with Resources of another Resource Group (T/F)?
True. They can do this with any number of network services.
Hint: DEL
Resource Groups - Describe what the Lifecycle is
Deleting the group DELETES ALL contained Resources. Great for experimenting.
Resource Groups - How do you apply Authorization?
Resource Groups can be scoped to RBAC (Role-Based Access Control). This way you can scope users to certain permissions sets (restrict access to certain services and features)
Resource Groups - What are Region Requirements?
You need to set the Region for a Resource Group. This defines where the metadata for the Resource Group exists, NOT where the Resource(s) in the Group reside. This is important to know if you have data residency requirements to consider (including metadata)
Resource Groups can contain Resources provisioned to different Regions (T/F)?
True. You can put Resources from different Regions i.e. a Resource in the Group can be of Region A while the Resource Group can be defined in Region B. This allows for logical grouping of Availability/Redundancy-dedicated Resources
A Resource CANNOT exist in more than one Resource Group (T/F)?
True
RBAC and other Security Controls must be applied separately to each Resource in a Resource Group i.e. Resource Groups do not offer Group-level security (T/F)
Totally FALSE! Resource Groups serve as a parent to the Resources it contains, thus security controls applied to the Group propagate to Resources contained. You can still apply individual security controls to the individual Resource, however these would NOT override the Group-level applications (maintains proper governance and security)
Resources Groups can be nested to form a Group Hierarchy (T/F)?
FALSE. The CANNOT be nested
Explain the diff between Service vs Resource
A Service is a compute or virtual hardware offering from a Cloud Provider, whereas a Resource is an instance of a Service
What’s the difference between a Subscription and a Resource Group?
- A Subscription is a logical grouping of Services
- A Resource Group is a logical grouping of Resources
