Summary of AZ-900 Episode 8 | Resources, Resource Groups & Resource Manager | Azure Fundamentals Course

Summary of "AZ-900 Episode 8 | Resources, Resource Groups & Resource Manager | Azure Fundamentals Course"

This video, presented by Adam, covers fundamental concepts related to resource management in Microsoft Azure, focusing on resources, Resource Groups, and the Azure Resource Manager. It explains what these components are, how they relate to each other, and how to manage them both via the Azure Portal and Azure CLI.

---

Main Ideas and Concepts

1. Resources

• Resources are the core objects representing Azure services (e.g., SQL databases, virtual machines, web apps).
• Each purchased service in Azure is represented as a resource.
• Resources hold all configurations related to the service as properties.
• Resources can be described using JSON templates, which include common properties like:
  • type
  • apiVersion
  • name
  • location
• Resources have a lifecycle linked to their creation and deletion.

2. Resource Groups

• A resource group is a logical container that holds related Azure resources.
• Creating a resource group is mandatory before creating any resource.
• Resource Groups help manage resources collectively, including applying policies, access control, and billing.
• Strategies for grouping resources include:
  • By resource type (e.g., all SQL databases in one group)
  • By application lifecycle (e.g., separate groups for development, testing, production)
  • By department or cost center (for billing)
  • By Azure region (to manage data sovereignty and compliance)
• Resource Groups store metadata about contained resources but do not restrict resources to a single location.
• Resources can be moved between Resource Groups.
• Resource Groups cannot be nested (no hierarchy of groups).

3. Azure Resource Manager (ARM)

• ARM is the centralized service that manages resource creation, updating, and deletion.
• It provides a unified management layer and consistent API for all resource operations.
• ARM validates requests against user privileges stored in Azure Active Directory (AAD).
• All interfaces (Azure Portal, CLI, PowerShell, REST API, SDKs) interact with Azure Resource Manager.
• ARM ensures consistent deployment and management across all Azure services.

---

Methodology / Instructions Demonstrated

Creating a Resource Group in Azure Portal:

• Navigate to Resource Groups in the Azure Portal.
• Click Add.
• Select the subscription (billing unit).
• Enter a resource group name (e.g., az900).
• Choose a region (metadata storage location).
• Review and create the resource group.
• Resource Groups are free and creation is instantaneous.

Creating a Resource (Storage Account) in Azure Portal:

• Navigate to Storage Accounts.
• Click Add.
• Select subscription and resource group.
• Provide storage account name.
• Use default values or customize.
• Review and create the storage account.
• After creation, manage the resource or return to the resource group.

Managing Access Control:

• Within a resource group, open the Access Control (IAM) panel.
• Add role assignments to grant permissions to users or groups.
• Roles define privileges (e.g., Owner can do everything).
• Assign users to roles to delegate management.

Using Azure CLI for Resource Management:

• Log in using az login.
• Create Resource Groups using:

  az group create --name <resource-group-name> --location <region>

• Create resources specifying the resource group:

  az storage account create --name <storage-account-name> --resource-group <resource-group-name> --location <region>

• CLI commands perform the same operations as the portal but via scripting.

Viewing Resource JSON Definition:

• Navigate through Azure Portal: subscriptions → Resource Groups → providers → service.
• Inspect the JSON properties of a resource.
• Shortcut: Copy part of the URL from the resource group and append it after https://resources.azure.com/ to directly access resource JSON.

---

Key Takeaways

• Every Azure resource must belong to exactly one resource group.
• Resource Groups are logical containers primarily used for management, access control, and billing.
• Resource Groups cannot be nested but resources can be moved between groups.
• Azure Resource Manager is the unified backend service managing all resource operations and enforcing access controls.
• You can manage Azure resources via Portal, CLI, PowerShell, REST API, or SDKs, all interacting with ARM.
• Choose resource group strategies that best fit your organizational needs (application lifecycle, billing, security, etc.).

---

Speakers / Sources

• Adam (main presenter and instructor)

This episode provides a foundational understanding of how Azure organizes and manages resources, essential for anyone preparing for the AZ-900 certification or beginning to work with Azure infrastructure.

Notable Quotes

— 10:24 — « A pretty cool trick: if you don't like navigating through the portal, copy the URL starting from subscriptions and paste it after azure resources com to jump directly to the resource you're browsing. »

— 11:00 — « When picking a strategy for resource groups, remember to pick the strategy that fits your organization's needs—whether billing, security, access management, or application life cycle. »

— 11:55 — « Resource manager is a centralized management layer for all the resources and resource groups in Azure, providing a unified template language and consistent validations across multiple interfaces. »

— 12:20 — « Azure resource manager checks your privileges with Azure Active Directory, the centralized identity and access management service, ensuring proper permissions before allowing resource changes. »

— 12:54 — « Resource manager is an internal Azure service for building and managing resources, and all resource creation and management goes through it. »

Category

Educational

Video