SlideShare a Scribd company logo

Introduction to Azure Resource Manager, Global Azure Bootcamp 2016.04

Download as PPTX, PDF
Lukasz Kaluzny, profile picture
Lukasz Kaluzny

Azure Resource Manager enables users to deploy, organize, and manage resources through resource groups, which serve as containers for multiple resources across different regions and services. The platform supports template-driven deployments, role-based access control, audit logs, and resource policies to enhance resource management and governance. The presentation also covers tools for deployment using Visual Studio, Azure CLI, and Azure PowerShell, along with best practices for organizing and tagging resources.

Technology
Related topics:
Microsoft Azure
1 of 35
Downloaded 25 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
INTRODUCTION TO AZURE RESOURCE MANAGER
Łukasz Kałużny Senior Cloud Architect @ MVP: Microsoft Azure You can find me at: blog.kaluzny.pro @kaluzaaa
AZURE RESOURCE MANAGER API
Areas of Focus Deploy Organize Control
Resource Group  container for multiple resources  resources exist in one* resource group  resource groups can span regions  resource groups can span services *and only one RESOURCE GROUP
Deployment
Deployment  tracks template execution  created within a resource group  allows nested deployments RESOURCE GROUP
Deploying with Azure Resource Manager  template-driven  declarative  multi-service  multi-region  extensible
@ a glance - template language expressions* base64encode(‘stringtoencode’) concat(‘string’,’to’,’encode’) copyIndex(offset) listKeys(storageAccountResourceId, apiVersion) padLeft(stringToPad,targetLength,paddingCharacter) parameters(‘parameterName’) providers(namespace, resourceType) reference(resourceId,apiVersion) resourceGroup() resourceId(‘namespace/resourceType', ‘resourceName’) subscription() variables(‘variables’)
Advanced Template Scenarios  Resource Extensions VM+DSC/Chef/Puppet/CustomScript/etc. AppService + WebDeploy SQL DB + BACPAC  Copies  Nested Templates  NewOrExisting Patterns
TOOLS  Visual Studio 2015 with Azure SDK  https://resources.azure.com/  Azure CLI  Azure PowerShell (module)
DEMO 1  New resource group gabc  Deployment demo1.json from portal.azure.com  WebApp https://github.com/kaluzaaa/arm-WebAppForArmDemo/blob/master/demo1.json
DEMO 2  Deployment demo2.json using Azure CLI  Deployment app from GitHub Commands azure login azure account set 1a961a9b-cc6a-4523-b095-58cea3bd2731 azure config mode arm azure group deployment create -f "C:Userslukasz.kaluznyDocumentsGitHubarm- WebAppForArmDemodemo2.json" -g gabc -n azure -vv https://github.com/kaluzaaa/arm-WebAppForArmDemo/blob/master/demo2.json
DEMO 3  Deployment demo5.json using Azure PowerShell  Deployment of app.setting, Storage Account, SQL Database & connectionstrings, app.setting Commands Login-AzureRmAccount Select-AzureRmSubscription -SubscriptionId 1a961a9b-cc6a-4523-b095-58cea3bd2731 $tFile = "C:Userslukasz.kaluznyDocumentsGitHubarm-WebAppForArmDemodemo5.json" New-AzureRmResourceGroupDeployment -ResourceGroupName gabc -TemplateFile $tFile -Mode Incremental -Name demo -Verbose https://github.com/kaluzaaa/arm-WebAppForArmDemo/blob/master/demo5.json
DEMO 4  Export Resource Group as template
Organize
Organizing with Azure Resource Manager  resource groups  linked resources  tags
Resource Group App-centric Resource Groups and Templates SQL DB App Service Virtual Machine My 3 Tier Template
Resource Group App-centric Resource Groups and Tier-centric Templates SQL DB App Service Virtual Machine My DB Tier Template My Web Tier Template My VM Tier Template
Resource Group App-centric Resource Groups and Nested Templates SQL DB App Service Virtual Machine My Nested DB Tier Template My Nested Web Tier Template My Nested VM Tier Template
Resource Group Tier-centric Resource Groups and Templates SQL DB App Service Virtual Machine My DB Tier Template My Web Tier Template My VM Tier Template Resource Group Resource Group
Resource Tags ▷ Name-value pairs assigned to resources or resource groups ▷ Subscription-wide taxonomy ▷ Each resource can have up to 15 tags
Tagging Tips ▷ Tag by environment, e.g. dev/test/prod ▷ Tag by role, e.g. web/cache/db ▷ Tag by department, e.g. finance/retail/legal ▷ Tag by responsible party, e.g. Bob
Control
Control with Azure Resource Manager  role based access control  audit logs  resource locks  Azure Resource Policy
Role Based Access Control  Allows secure access with granular permissions  Assignable to users, groups, or service principals  Built-in roles make it easy to get started
Two Key Concepts Role Definitions • describes the set of permissions (e.g. read actions) • can be used in multiple assignments Role Assignments • associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group) • always inherited – subscription assignments apply to all resources
Role Based Access Control
/subscriptions/{id}/resourceGroups/{name}/providers/…/sites/{site} Granular Scopes subscription level – grants permissions to all resources in the sub resource group level – grants permissions to all resources in the group resource level – grants permissions to the specific resource
Audit Logs  journals all write/delete/actions  central location  common format
Key Concepts  Resource lock Policy which enforces a "lock level" at a particular scope  Lock level Type of enforcement; current values include CanNotDelete and ReadOnly  Scope: The realm to which the lock level is applied. Expressed as a URI; can be set at the resource group, or resource scope.
Azure Resource Policy  JSON - http://schema.management.azure.com/schemas/2015-10-01-preview/policyDefinition.json { "if" : { <condition> | <logical operator> }, "then" : { "effect" : "deny | audit | append" } }  Usage examples: Chargeback: Require departmental tags Geo Compliance: Ensure resource locations Use Approved SKUs Naming Convention Tag requirement
DEMO $policy = New-AzureRmPolicyDefinition -Name namingPolicy -Policy '{ "if" : { "not" : { "field" : "name", "like" : "test-*" } }, "then" : { "effect" : "deny" } }' $subscription = Get-AzureRmSubscription -SubscriptionId 1a961a9b-cc6a-4523-b095-58cea3bd2731 $resourceGroup = Get-AzureRmResourceGroup -Name gabc $scope = "/subscriptions/" + $subscription.SubscriptionId + "/resourceGroups/" + $resourceGroup.ResourceGroupName New-AzureRmPolicyAssignment -Name serverNaming -PolicyDefinition $policy -Scope $scope
Thanks! Any questions? You can find me at: @kaluzaaa lukasz.kaluzny@itmagination.pl Presentation template by SlidesCarnival
GŁÓWNI PARTNERZY KONFERENCJI: PARTNERZY TECHNOLOGICZNI: PARTNERZY KONFERENCJI: PATRONI MEDIALNI:

More Related Content

PDF
Introduction to Azure Resource Manager
Lukasz Kaluzny
 
PPTX
Azure Resource Manager (ARM) Template - Beginner's Guide
Juv Chan
 
PPTX
Inside Azure Resource Manager
Michael Collier
 
PPTX
Architecting world class azure resource manager templates
Marc Mercuri
 
PPTX
10 Ways to Gaurantee Your Azure Project will Fail
Michael Collier
 
PPTX
Automating Your Azure Environment
Michael Collier
 
PDF
Azure ARM Templates 101
Aaron Saikovski
 
PPTX
More Cache for Less Cash
Michael Collier
 
Introduction to Azure Resource Manager
Lukasz Kaluzny
 
Azure Resource Manager (ARM) Template - Beginner's Guide
Juv Chan
 
Inside Azure Resource Manager
Michael Collier
 
Architecting world class azure resource manager templates
Marc Mercuri
 
10 Ways to Gaurantee Your Azure Project will Fail
Michael Collier
 
Automating Your Azure Environment
Michael Collier
 
Azure ARM Templates 101
Aaron Saikovski
 
More Cache for Less Cash
Michael Collier
 

What's hot (11)

PDF
Azure Large Scale Deployments - Tales from the Trenches
Aaron Saikovski
 
PPTX
Programando sua infraestrutura com o AWS CloudFormation
Amazon Web Services LATAM
 
PPTX
Programming Azure Active Directory (DevLink 2014)
Michael Collier
 
PPTX
Microsoft Azure Kimlik Yönetimi
Önder Değer
 
PPTX
best aws training in bangalore
rajkamal560066
 
PPTX
Azure arm templates
sachinkalia15
 
PPTX
More Cache for Less Cash (DevLink 2014)
Michael Collier
 
PPTX
Automating Your Microsoft Azure Environment (DevLink 2014)
Michael Collier
 
PDF
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Michael Collier
 
PPTX
New generation of Azure cloud
Bruno Kovacic
 
PPTX
Understanding Azure websites
Nitesh Luharuka
 
Azure Large Scale Deployments - Tales from the Trenches
Aaron Saikovski
 
Programando sua infraestrutura com o AWS CloudFormation
Amazon Web Services LATAM
 
Programming Azure Active Directory (DevLink 2014)
Michael Collier
 
Microsoft Azure Kimlik Yönetimi
Önder Değer
 
best aws training in bangalore
rajkamal560066
 
Azure arm templates
sachinkalia15
 
More Cache for Less Cash (DevLink 2014)
Michael Collier
 
Automating Your Microsoft Azure Environment (DevLink 2014)
Michael Collier
 
Using Windows Azure for Solving Identity Management Challenges (Visual Studio...
Michael Collier
 
New generation of Azure cloud
Bruno Kovacic
 
Understanding Azure websites
Nitesh Luharuka
 
Ad

Similar to Introduction to Azure Resource Manager, Global Azure Bootcamp 2016.04 (20)

PDF
Microsoft Azure essentials
Vaibhav Gujral
 
PPTX
Azure for SharePoint Developers - Workshop - Part 3: Web Services
Bob German
 
PDF
CloudBrew 2018 - Azure Governance
Tom Janetscheck
 
PPTX
Budowanie szablonów Azure Resource Manager w praktyce od podstaw
Lukasz Kaluzny
 
PPTX
Claus_AZR210-Whats new in Iaas.pptx
kevin273889
 
PPTX
Azure Resource Manager - Technical Primer
Ben Coleman
 
PPTX
IaaS with ARM templates for Azure
Christoffer Noring
 
PPTX
Advanced Azure deployments with Azure Resource Manager and templates
Stephane Lapointe
 
PDF
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
PPT
Version Control With CVS
Rajesh Kumar
 
PPTX
ORACLE OCI - Identity and Access Management Service
exposie1
 
PDF
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
PPTX
Azure Data Storage
Ken Cenerelli
 
PPTX
JAX-RS 2.0 and OData
Anil Allewar
 
PPTX
04 Azure IAAS 101
Herman Keijzer
 
PDF
AWS CSAA Certification - Mindmaps and StudyNotes
Daniel Fonseca
 
PPTX
CCI2018 - Automatizzare la creazione di risorse con ARM template e PowerShell
walk2talk srl
 
PPTX
Microsoft Azure Offerings and New Services
Mohamed Tawfik
 
PDF
DSpace: Technical Basics
Iryna Kuchma
 
PPTX
Azure Governance for Enterprise
Mohit Chhabra
 
Microsoft Azure essentials
Vaibhav Gujral
 
Azure for SharePoint Developers - Workshop - Part 3: Web Services
Bob German
 
CloudBrew 2018 - Azure Governance
Tom Janetscheck
 
Budowanie szablonów Azure Resource Manager w praktyce od podstaw
Lukasz Kaluzny
 
Claus_AZR210-Whats new in Iaas.pptx
kevin273889
 
Azure Resource Manager - Technical Primer
Ben Coleman
 
IaaS with ARM templates for Azure
Christoffer Noring
 
Advanced Azure deployments with Azure Resource Manager and templates
Stephane Lapointe
 
OpenStack Identity - Keystone (liberty) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
Version Control With CVS
Rajesh Kumar
 
ORACLE OCI - Identity and Access Management Service
exposie1
 
OpenStack Identity - Keystone (kilo) by Lorenzo Carnevale and Silvio Tavilla
Lorenzo Carnevale
 
Azure Data Storage
Ken Cenerelli
 
JAX-RS 2.0 and OData
Anil Allewar
 
04 Azure IAAS 101
Herman Keijzer
 
AWS CSAA Certification - Mindmaps and StudyNotes
Daniel Fonseca
 
CCI2018 - Automatizzare la creazione di risorse con ARM template e PowerShell
walk2talk srl
 
Microsoft Azure Offerings and New Services
Mohamed Tawfik
 
DSpace: Technical Basics
Iryna Kuchma
 
Azure Governance for Enterprise
Mohit Chhabra
 
Ad

More from Lukasz Kaluzny (20)

PDF
Azure Kubernetes Service (AKS) - Co słychać na początku 2020?
Lukasz Kaluzny
 
PDF
Fundamentals of Kubernetes on Microsoft Azure
Lukasz Kaluzny
 
PDF
Microsoft Azure Developer Camp - Modern Computing in Azure
Lukasz Kaluzny
 
PPTX
SQL Days 2019 - Kubernetes 101
Lukasz Kaluzny
 
PDF
Najbardziej popularne wzorce architektoniczne w chmurze
Lukasz Kaluzny
 
PPTX
Kubernetes for data scientist
Lukasz Kaluzny
 
PPTX
4 lata z Azure okiem Architekta
Lukasz Kaluzny
 
PDF
Azure MXChip IoT DevKit
Lukasz Kaluzny
 
PPTX
Najczęściej popełniane błędy przy wykorzystywaniu IaaS w Microsoft Azure
Lukasz Kaluzny
 
PDF
Jak zbudować aplikacje z wykorzystaniem funkcjonalności windows server 2016...
Lukasz Kaluzny
 
PDF
Serverless w Azure, czyli Azure Functions
Lukasz Kaluzny
 
PDF
Jak zacząć z Azure IoT Suite
Lukasz Kaluzny
 
PPTX
Azure RemoteApp
Lukasz Kaluzny
 
PPTX
Blue whale, jail and Microsoft
Lukasz Kaluzny
 
PDF
Microsoft Azure + Docker
Lukasz Kaluzny
 
PDF
Transformacja do chmury w ITMAGINATION
Lukasz Kaluzny
 
PPTX
Azure Site Recovery
Lukasz Kaluzny
 
PPTX
Performance troubleshooting in Hyper-V
Lukasz Kaluzny
 
PPTX
Automatyzacja Microsoft Azure z wykorzystaniem Azure Automation
Lukasz Kaluzny
 
PPTX
Wprowadzenie do Cloud OS
Lukasz Kaluzny
 
Azure Kubernetes Service (AKS) - Co słychać na początku 2020?
Lukasz Kaluzny
 
Fundamentals of Kubernetes on Microsoft Azure
Lukasz Kaluzny
 
Microsoft Azure Developer Camp - Modern Computing in Azure
Lukasz Kaluzny
 
SQL Days 2019 - Kubernetes 101
Lukasz Kaluzny
 
Najbardziej popularne wzorce architektoniczne w chmurze
Lukasz Kaluzny
 
Kubernetes for data scientist
Lukasz Kaluzny
 
4 lata z Azure okiem Architekta
Lukasz Kaluzny
 
Azure MXChip IoT DevKit
Lukasz Kaluzny
 
Najczęściej popełniane błędy przy wykorzystywaniu IaaS w Microsoft Azure
Lukasz Kaluzny
 
Jak zbudować aplikacje z wykorzystaniem funkcjonalności windows server 2016...
Lukasz Kaluzny
 
Serverless w Azure, czyli Azure Functions
Lukasz Kaluzny
 
Jak zacząć z Azure IoT Suite
Lukasz Kaluzny
 
Azure RemoteApp
Lukasz Kaluzny
 
Blue whale, jail and Microsoft
Lukasz Kaluzny
 
Microsoft Azure + Docker
Lukasz Kaluzny
 
Transformacja do chmury w ITMAGINATION
Lukasz Kaluzny
 
Azure Site Recovery
Lukasz Kaluzny
 
Performance troubleshooting in Hyper-V
Lukasz Kaluzny
 
Automatyzacja Microsoft Azure z wykorzystaniem Azure Automation
Lukasz Kaluzny
 
Wprowadzenie do Cloud OS
Lukasz Kaluzny
 

Recently uploaded (20)

PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
KodekX | Application Modernization Development
KodekX
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
A Presentation on Artificial Intelligence
memembruh336
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 

Introduction to Azure Resource Manager, Global Azure Bootcamp 2016.04

  • 2. Łukasz Kałużny Senior Cloud Architect @ MVP: Microsoft Azure You can find me at: blog.kaluzny.pro @kaluzaaa
  • 4. Areas of Focus Deploy Organize Control
  • 5. Resource Group  container for multiple resources  resources exist in one* resource group  resource groups can span regions  resource groups can span services *and only one RESOURCE GROUP
  • 7. Deployment  tracks template execution  created within a resource group  allows nested deployments RESOURCE GROUP
  • 8. Deploying with Azure Resource Manager  template-driven  declarative  multi-service  multi-region  extensible
  • 9. @ a glance - template language expressions* base64encode(‘stringtoencode’) concat(‘string’,’to’,’encode’) copyIndex(offset) listKeys(storageAccountResourceId, apiVersion) padLeft(stringToPad,targetLength,paddingCharacter) parameters(‘parameterName’) providers(namespace, resourceType) reference(resourceId,apiVersion) resourceGroup() resourceId(‘namespace/resourceType', ‘resourceName’) subscription() variables(‘variables’)
  • 10. Advanced Template Scenarios  Resource Extensions VM+DSC/Chef/Puppet/CustomScript/etc. AppService + WebDeploy SQL DB + BACPAC  Copies  Nested Templates  NewOrExisting Patterns
  • 11. TOOLS  Visual Studio 2015 with Azure SDK  https://resources.azure.com/  Azure CLI  Azure PowerShell (module)
  • 12. DEMO 1  New resource group gabc  Deployment demo1.json from portal.azure.com  WebApp https://github.com/kaluzaaa/arm-WebAppForArmDemo/blob/master/demo1.json
  • 13. DEMO 2  Deployment demo2.json using Azure CLI  Deployment app from GitHub Commands azure login azure account set 1a961a9b-cc6a-4523-b095-58cea3bd2731 azure config mode arm azure group deployment create -f "C:Userslukasz.kaluznyDocumentsGitHubarm- WebAppForArmDemodemo2.json" -g gabc -n azure -vv https://github.com/kaluzaaa/arm-WebAppForArmDemo/blob/master/demo2.json
  • 14. DEMO 3  Deployment demo5.json using Azure PowerShell  Deployment of app.setting, Storage Account, SQL Database & connectionstrings, app.setting Commands Login-AzureRmAccount Select-AzureRmSubscription -SubscriptionId 1a961a9b-cc6a-4523-b095-58cea3bd2731 $tFile = "C:Userslukasz.kaluznyDocumentsGitHubarm-WebAppForArmDemodemo5.json" New-AzureRmResourceGroupDeployment -ResourceGroupName gabc -TemplateFile $tFile -Mode Incremental -Name demo -Verbose https://github.com/kaluzaaa/arm-WebAppForArmDemo/blob/master/demo5.json
  • 15. DEMO 4  Export Resource Group as template
  • 17. Organizing with Azure Resource Manager  resource groups  linked resources  tags
  • 18. Resource Group App-centric Resource Groups and Templates SQL DB App Service Virtual Machine My 3 Tier Template
  • 19. Resource Group App-centric Resource Groups and Tier-centric Templates SQL DB App Service Virtual Machine My DB Tier Template My Web Tier Template My VM Tier Template
  • 20. Resource Group App-centric Resource Groups and Nested Templates SQL DB App Service Virtual Machine My Nested DB Tier Template My Nested Web Tier Template My Nested VM Tier Template
  • 21. Resource Group Tier-centric Resource Groups and Templates SQL DB App Service Virtual Machine My DB Tier Template My Web Tier Template My VM Tier Template Resource Group Resource Group
  • 22. Resource Tags ▷ Name-value pairs assigned to resources or resource groups ▷ Subscription-wide taxonomy ▷ Each resource can have up to 15 tags
  • 23. Tagging Tips ▷ Tag by environment, e.g. dev/test/prod ▷ Tag by role, e.g. web/cache/db ▷ Tag by department, e.g. finance/retail/legal ▷ Tag by responsible party, e.g. Bob
  • 25. Control with Azure Resource Manager  role based access control  audit logs  resource locks  Azure Resource Policy
  • 26. Role Based Access Control  Allows secure access with granular permissions  Assignable to users, groups, or service principals  Built-in roles make it easy to get started
  • 27. Two Key Concepts Role Definitions • describes the set of permissions (e.g. read actions) • can be used in multiple assignments Role Assignments • associate role definitions with an identity (e.g. user/group) at a scope (e.g. resource group) • always inherited – subscription assignments apply to all resources
  • 28. Role Based Access Control
  • 29. /subscriptions/{id}/resourceGroups/{name}/providers/…/sites/{site} Granular Scopes subscription level – grants permissions to all resources in the sub resource group level – grants permissions to all resources in the group resource level – grants permissions to the specific resource
  • 30. Audit Logs  journals all write/delete/actions  central location  common format
  • 31. Key Concepts  Resource lock Policy which enforces a "lock level" at a particular scope  Lock level Type of enforcement; current values include CanNotDelete and ReadOnly  Scope: The realm to which the lock level is applied. Expressed as a URI; can be set at the resource group, or resource scope.
  • 32. Azure Resource Policy  JSON - http://schema.management.azure.com/schemas/2015-10-01-preview/policyDefinition.json { "if" : { <condition> | <logical operator> }, "then" : { "effect" : "deny | audit | append" } }  Usage examples: Chargeback: Require departmental tags Geo Compliance: Ensure resource locations Use Approved SKUs Naming Convention Tag requirement
  • 33. DEMO $policy = New-AzureRmPolicyDefinition -Name namingPolicy -Policy '{ "if" : { "not" : { "field" : "name", "like" : "test-*" } }, "then" : { "effect" : "deny" } }' $subscription = Get-AzureRmSubscription -SubscriptionId 1a961a9b-cc6a-4523-b095-58cea3bd2731 $resourceGroup = Get-AzureRmResourceGroup -Name gabc $scope = "/subscriptions/" + $subscription.SubscriptionId + "/resourceGroups/" + $resourceGroup.ResourceGroupName New-AzureRmPolicyAssignment -Name serverNaming -PolicyDefinition $policy -Scope $scope
  • 34. Thanks! Any questions? You can find me at: @kaluzaaa lukasz.kaluzny@itmagination.pl Presentation template by SlidesCarnival
  • 35. GŁÓWNI PARTNERZY KONFERENCJI: PARTNERZY TECHNOLOGICZNI: PARTNERZY KONFERENCJI: PATRONI MEDIALNI: