Azure AZ-900 Fundamentals Exam
Start here! Get your feet wet with the Microsoft cloud and begin your journey to earning your Microsoft Certified: Azure Fundamentals certification!
Practice Test
Practice Test
Describe Azure resources and resource groups
Define Azure Resources
Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a consistent management layer that allows you to create, update, and delete resources in your Azure account. ARM ensures that all requests made through Azure APIs, tools, or SDKs are authenticated and authorized before being forwarded to the appropriate Azure service, providing consistent results across all tools. Azure resources are manageable items available through Azure, such as virtual machines, storage accounts, web apps, databases, and virtual networks. These resources are organized into resource groups, which are containers that hold related resources for an Azure solution. Resource groups help manage resources as a group based on what makes the most sense for your organization. Resource providers are services that supply Azure resources. For example, Microsoft.Compute provides virtual machines, and Microsoft.Storage provides storage accounts. ARM templates and Bicep files use declarative syntax to define the properties for the infrastructure to deploy to Azure, allowing for consistent and repeatable deployments. Using Azure Resource Manager offers several benefits, including managing infrastructure through declarative templates, deploying and managing resources as a group, and applying access control through Azure role-based access control (Azure RBAC).
Additionally, ARM allows you to apply tags to resources for logical organization and to view costs for a group of resources sharing the same tag. Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources. Management settings applied at higher levels are inherited by lower levels.
For example, a policy applied to a subscription will also apply to all resource groups and resources within that subscription. This hierarchical structure helps in organizing and managing resources efficiently.
Resource Group Management
Resource groups in Azure are essential for organizing and managing related resources for a specific solution. A resource group acts as a container that holds related resources, which can include virtual machines, storage accounts, and databases. By grouping resources that share the same lifecycle, you can easily deploy, update, and delete them as a unit. This approach simplifies management and ensures that all resources within the group are treated consistently. To create a resource group using the Azure CLI, you can use the command az group create --name --location
. This command specifies the name and location for the resource group, ensuring that the metadata about the resources is stored in the specified region. For example, az group create --name demoResourceGroup --location westus
creates a resource group named "demoResourceGroup" in the "westus" region. Listing and managing resource groups is straightforward with Azure CLI. To list all resource groups in your subscription, use az group list
. To get details of a specific resource group, use az group show --name
. Deleting a resource group, along with all its contained resources, can be done using az group delete --name
. This command is useful for cleaning up resources that are no longer needed. Deploying resources within a resource group can be done using various methods, including Azure CLI, ARM templates, or Bicep files. For instance, to create a storage account within a resource group, you can use az storage account create --resource-group --name --location --sku Standard_LRS --kind StorageV2
. This command ensures that the storage account is created with the specified parameters within the designated resource group. Locking resource groups is a critical feature to prevent accidental deletion or modification of important resources. You can create a lock using az lock create --name --lock-type CanNotDelete --resource-group
. This lock ensures that the resources within the group cannot be deleted unless the lock is explicitly removed using az lock delete --name --resource-group
. Tagging resource groups helps in logically organizing and managing resources by applying metadata tags. Tags can be used for categorization, billing, and management purposes. Additionally, you can export resource groups to templates for easier replication and deployment of similar environments. Managing access to resource groups is facilitated through Azure role-based access control (RBAC), allowing you to assign roles and permissions to users, groups, or service principals.
By understanding and utilizing these features, you can effectively manage and organize your Azure resources, ensuring efficient and secure operations within your cloud environment.
Resource Group Deployment and Automation
Resource groups in Azure are containers that hold related resources for an Azure solution. They help organize and manage resources that share the same lifecycle, making it easier to deploy, update, and delete them as a group. Resource groups store metadata about the resources, and the location of the resource group specifies where this metadata is stored. This is important for compliance reasons, as data may need to be stored in specific regions.
To create a resource group using Azure PowerShell, you can use the New-AzResourceGroup
command. For example:
New-AzResourceGroup -Name exampleGroup -Location westus
To list all resource groups in your subscription, use Get-AzResourceGroup
. To delete a resource group, use Remove-AzResourceGroup
. Deploying resources within a resource group can be done using Azure PowerShell, ARM templates, or Bicep files. For instance, to create a storage account, you can use:
New-AzStorageAccount -ResourceGroupName exampleGroup -Name examplestore -Location westus -SkuName "Standard_LRS"
ARM templates and Bicep files provide a way to automate the deployment of resources. For example, deploying a Bicep file can be done with:
New-AzResourceGroupDeployment -ResourceGroupName exampleGroup -TemplateFile storage.bicep
``` **Locking resource groups** prevents accidental deletion or modification of critical resources. To lock a resource group, use:
```powershell
New-AzResourceLock -LockName LockGroup -LockLevel CanNotDelete -ResourceGroupName exampleGroup
To manage access to resource groups, Azure role-based access control (RBAC) is used. This allows you to assign roles to users, groups, or applications to control their access to resources. Tagging resources helps in logically organizing your assets. Tags can be applied to resource groups and individual resources to categorize and manage them effectively. For example, you can add tags using the Azure portal or PowerShell.
By understanding and utilizing these features, you can effectively manage and automate the deployment of resources within Azure, ensuring that your cloud environment is organized, secure, and compliant with your organizational policies.
Resource Group Policies and Permissions
Azure Resource Manager (ARM) is the deployment and management service for Azure, providing a consistent management layer for creating, updating, and deleting resources. Resource groups are containers that hold related resources for an Azure solution, allowing you to manage them as a group. This organization helps in applying policies and permissions effectively. Azure Policies and Role-Based Access Control (RBAC) are essential tools for managing resource groups. Azure Policies ensure that resources comply with your business rules by evaluating their properties and blocking non-compliant actions. For example, you can use policies to enforce specific configurations or to prevent the creation of resources in unauthorized regions. Policies can be applied at various scopes, such as management groups, subscriptions, or resource groups, and they inherit settings from higher levels. Azure RBAC focuses on managing user actions at different scopes. It allows you to assign roles to users, groups, or applications, granting them the necessary permissions to perform specific actions on Azure resources. For instance, the Owner role grants full access to manage all resources, while the Contributor role allows resource management without the ability to assign roles. RBAC roles can be assigned at different levels, including management groups, subscriptions, resource groups, and individual resources. Combining Azure Policies and RBAC provides comprehensive control over your Azure environment. Policies ensure resource compliance, while RBAC manages who can perform specific actions. This combination helps maintain security and organizational standards across your Azure resources. For example, you can use RBAC to grant a user the Contributor role on a resource group, allowing them to manage resources within that group, while policies ensure those resources meet compliance requirements.
In summary, understanding and effectively using Azure Resource Manager, Policies, and RBAC is crucial for managing Azure resources and resource groups. These tools help enforce organizational standards, manage permissions, and ensure resource compliance, providing a secure and well-organized cloud environment.
Understand Resource Groups
Azure Resource Manager is the deployment and management service for Azure, providing a consistent management layer for creating, updating, and deleting resources in your Azure account. It ensures that all requests made through Azure APIs, tools, or SDKs are authenticated and authorized before being forwarded to the appropriate Azure service. This consistent management layer allows for uniform results and capabilities across different tools. Resource Groups are a fundamental concept in Azure, acting as containers that hold related resources for an Azure solution. These resources can include virtual machines, storage accounts, web apps, databases, and virtual networks. The purpose of resource groups is to manage these resources collectively, making it easier to deploy, manage, and monitor them as a unit. This organization helps in applying access controls, tags, and policies efficiently. The benefits of using Resource Manager include the ability to manage infrastructure through declarative templates rather than scripts, deploy and monitor resources as a group, and ensure consistent deployment states throughout the development lifecycle. Additionally, Resource Manager allows for defining dependencies between resources, applying access control through Azure role-based access control (RBAC), and organizing resources logically with tags for better billing clarity. Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources. Management settings applied at higher levels are inherited by lower levels. For example, a policy applied at the subscription level will affect all resource groups and resources within that subscription. This hierarchical structure helps in maintaining consistent governance and compliance across the organization.
In summary, resource groups in Azure are essential for organizing and managing related resources efficiently. They provide a structured way to deploy, manage, and monitor resources, ensuring that all resources within a group are treated as a single entity. This approach simplifies resource management, enhances security through RBAC, and improves cost management through tagging and policy application. Understanding and utilizing resource groups effectively is crucial for efficient cloud service management in Azure.
Define Azure Resources
Resource Group Management
Resource Group Policies and Permissions
Resource Group Deployment and Automation
Understand Resource Groups