In this article, today I am going to provide an introduction to Azure resource structure and we will see how they’re organized and used. So let’s start. In terms of Azure resource, the lowest dominator is an Azure resource. A resource is an entity that is managed by azure. It can be a virtual network or it can be a storage account and many more can be listed. Each of these resources in Azure belongs to a resource group. So what is a resource group? Let’s see…
A resource group is a logical entity that is used to group the resources so that it can be managed as a single entity.most of the time we will put the resource that shares a common life cycle into a particular resource group. Each resource group belongs to a subscription and the subscription itself is a part of the resource and is managed by a single entity and billing entity too.
The subscription and resource group falls under the policies, it could be applied as a resource group. All cost of resource in the resource group under that subscription aggregated at the subscription level and we can apply controls at the subscription level such as resource policies. Resource policies are a set of rules that can be applied and make sure tall the resources and subscriptions are compiled to that resource policy and resource limits, financial limits can be applied.
- A set of rules applied to a certain group/region which controls the activity of users.
- This applies at the enterprise level and governing rules can be made here and all the resource groups and subscription groups will inherit the governed rule made at the management level.
- For example, if we want our users to deploy resources to a certain limit we want to limit the deployment of resources in a particular region. In this case, we can deploy a policy at the management group.
Azure Resource Manager
Azure resource manager contains REST APIs which can be called by different tools that exist in Azure, such as PowerShell, Azure portal, or Azure CLI in order to deploy the resource into subscription and resources group.
For example, once a request comes to the Azure resource manager to deploy a virtual machine it will identify the resource type in the virtual machine and it will delegate that request to an appropriate azure resource provider.in this case, the virtual machine and Azure resource provider will manage or deploying the resources. So, the request initially will come to the resource manager, Azure resource manager will identify the resource type and pass on the request to azure resource provider and resource provider such as virtual network and resource provider like VM, will carry out the transaction whether it is managing that particular resources or deploy that particular resource.
Azure resource manager does two things: it will authenticate and authorize the user. For that, it uses the Azure Active Directory.
Azure Active Directory (Authenticate and Authorize)
Azure Active Directory is a multi-tenanted active directory and it contains tenants. A tenant is basically a logical construct of a dedicated instance of Azure active directory for a particular organization generally. So when we create an azure account a tenant will be created to us and we can deploy users in those tenants and also you can define role-based access control for those users in that particular tenant.
If your organization is big enough, then you can have an enterprise portal where you can have a hierarchy of enterprise and you can define users under that so you can have a dedicated AD tenant for finance dedicated tenant for HR and you start creating subscription under that tenant, as shown in the below image.
Thanks for reading, please provide feedback and suggestions if there are any. Stay safe!