Azure Classroom Series – 16/Sept/2021

Azure Governance features

  • As your cloud presense grows you will want to allow/deny access to te resources by multiple users. Role Based Access Control (RBAC) is a great way to give users a specific level of access to your Resources

  • Role-based Access Control (RBAC):

    • This is a generic term that refers to concept of authorizing users to a system that is based on defined roles to which user belongs
    • Azure implements RBAC across all Azure Resources
    • There are four element to RBAC
      • Security Prinicipal: This represents an Identity (user, group, application/service principal, managed entity)
      • Role: A role (role definition) is what defines how the security prinicipal can interact with Azure resource
      • Scope: The Scope defines the level at which role is applied & it specifies how much control the security principal
      • Role assignments: Roles are assinged to security principal at a particular scope & that’s what ultimately defines the level of access for security principal
    • RBAC has many built-in roles. The following three are built-in roles available for all the Azure Resoures which you can use
      • Owner: Members of this roles have full access to the resources
      • Contributor: Members of this role create resources and manage resources but they cannot delegate the access to any others
      • Reader: Members of this roles can see Azure resources, but they cannot create, delete or manage those resources

  • Note: Refer Here to this video to understand JSON and YAML

  • Tags:

    • Another feature in Azure that makes it easy to organize resources is tags
    • A tag consists of name and value
    • For example your company is using Azure to run two products (qtecommerce,qthrms)
      • you also have created lot of resources for running these applications
      • If you want to view all the Azure resources of a specific project, but they are spread across multiple resource groups. Tags can be helpful here
    • We can search all the resources in a particular tag All Services -> Tags Preview

  • Azure Policy:

    • Azure policy allows you to define rules that are applied when Azure resources are created and managed. For eg, you can create a policy that specifies only a certain size of vm can be create an the VMs must be created in East Us Regions
    • Azure will take care of enforcing this policy so that you remain in accordance with your corporate policies Preview

  • Azure Blueprints:

    • Azure Blueprints is a service that can make process of deploying to the cloud easier
    • Blueprints allows you to configure an environment just as you need it to be, along with all the policies and other governance aspects in place

  • Azure Management Group:

    • If your ogranization has many subscriptions, you need a way to effeciently manage access policies and compliance across those subscriptions
    • Azure Management provides a level of scope above subscriptions. Preview

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Floating Social Media Icons by Acurax Wordpress Designers

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube