When you create, update, and delete resources in Azure you are using the Azure Resource Manager (ARM). Azure Resource Manager provides access control, tagging, auditing of your resources.
In this article, you use the portal, PowerShell, the Azure Command Line Interface (CLI) to create, manage access and delete resources. Links are provided in the reference section of this chapter for you to learn how to manage resources using the REST API.
You create resources in either an imperative way by describing each of the steps and feature with scripts. In a following post, you will learn how to create resources using a declarative syntax with an ARM template to describe the features and properties.
Learn about each of the features of resource groups and resources in the following sections:
- Create resources in Azure portal
- Create resources using code
Prerequisites
To article you need to have:
- Access to an Azure subscription
- Installed Azure PowerShell and Azure CLI,.
Definitions
You can create and delete resources and set the properties of a resource in the Azure portal.
A resource is a manageable item such as a storage account or database. In this section, use Storage Account to become familiar with a resource.
A resource group is a (uhm) group of resources. For example, you can create a resource group that includes a web application and its database. The resources share a common lifecycle for you to create and delete the resources as a unit, yet you can add or remove resources from a resource group. Each resource exists in a one resource group.
The following illustration (from the Microsoft documentation) shows resource group containing resource.
A subscription organizes your resource groups and resources into billable units.
The following chart shows how resources and resource groups are organized into subscriptions.
Create resources in Azure portal
Let’s begin by creating a resource in the Azure portal. In this case, you will create a simple storage account. As part of that process you will create a resource group.
Go to azure.com and log into the portal using the Portal button in the upper right corner.
You can optionally provide a list of your favorite resources along the left side of the portal. To do so, click the gear button in the upper right near your name, and set the portal settings. In this and the other articles, you will see the portal menu docked.
Create resource group in portal
Next, click Create Resource type Resource Group to search Azure Marketplace. When you type enter, you see a list of resources.
Click the Resource Group card and click Create. A resource group needs a name and location. This is the location where the information about the resource group is stored.
The following illustration shows how to fill in the required data for a resource group.
You will want to group resources together inside a resource group.
It is a best practice to group your resources into a resource group based on
- Common lifecycles
- Common resource access
For example, an App Service should be in the same resource group as the Storage Account blobs it uses. The lifecycle of creating, managing, and deleting the resources would happen together.
Also consider who (or what applications) will have access to the resources. You can assign access for most resources at the resource group level.
The resource group name must be fewer than 90 characters and can contain dashes.
Location of resources
The individual resources can be created in other locations, but during an outage, you may have access to the resource group data, but not the resources or vice versa.
It is a best practice to assign the location of the resource in the same location as your resources.
Tags in resource groups
Before you click create, click Next: Tags to add tags your resouces. Apply tags to your Azure resources, resource groups, and subscriptions to logically organize them into a taxonomy.
Tags are name/value pairs that you use to further identify the resource group or resouces. For example, you use tags to aid in your searching in Azure Monitor or to search for resources in the portal.
See Resource naming and tagging decision guide for best practices.
Click Next: Review + create. Click Create. You have created a resource group that you can use when creating resources.
Create resource group in the context of a resource
Often, when you create your first resource in a resource group, you will create a resource group in the context of creating a resouce. Click Create Resource type Storage Account to search Azure Marketplace. Select the Storage Account option.
Click Create on the next panel.
As you fill in the properties, you can select an existing resource group or create a new one. Click Create resource group to see the popup where you can set the resource group name.
Whenever you create a resource, you will need to assign a resource group. In this case, use the naming convention that you have selected.
It is a best practice to follow naming standards to help you quickly identify resources for your scripts and in your billing statements.
Create resources using code
In this section, learn to create and manage resources using code: PowerShell, Azure CLI.
Before we start, there are other ways to create and manage resources. To learn how to use:
- C# to create and manage resources with the Azure Libraries for .NET, see Azure Libraries for .Net
- Python to create and manage resources with the Azure SDK for Python, see Azure SDK for Python
Throughout this blog, you learn to create and manage resources using PowerShell and the Azure CLI. In each case there is a lifecycle that uses the following pattern.
- Log in to Azure and select subscription
- Set environment variables to specify the names of the resource group and resource
- Create the resource group
- Create the resource
- Set properties in the resource, such as tags
- Show the resource
- Remove the resource group
You can get the subscription ID from the portal.
Create resource group and a resource using PowerShell
The following PowerShell script demonstrates the lifecycle pattern with these steps:
| Connect-AzAccount | |
| # You may have more than one subscription. | |
| $SUBSCRIPTION_ID= Read-Host –p "Enter your subscription id" | |
| Select-AzSubscription –Subscription $SUBSCRIPTION_ID | |
| # Set environment variables | |
| $LOCATION = Read-Host –p "Enter your region, such as WestUS " | |
| $RESOURCE_GROUP_NAME = Read-Host –p "Enter your resource group name " | |
| $RESOURCE_NAME = Read-Host –p "Enter the name for your app service plan " | |
| $TAGS = @{"Environment"="dev"; "Location"=$Location; "Cost Center"="111222"} | |
| # create a resource group | |
| New-AzResourceGroup –Name $RESOURCE_GROUP_NAME –Location $LOCATION ` | |
| –Tag $TAGS | |
| # Create a resource, in this case an App Service Plan | |
| New-AzAppServicePlan –Name $RESOURCE_NAME ` | |
| –Location $LOCATION –ResourceGroupName $RESOURCE_GROUP_NAME ` | |
| –Tag $TAGS | |
| # Get the resource as a PowerShell object | |
| $plan = Get-AzAppServicePlan –Name $RESOURCE_NAME –ResourceGroupName $RESOURCE_GROUP_NAME | |
| Write-Host $plan |
TAGS are a hashtable in PowerShell. The tags are separated by a semi-colon. You can replace the tags using New-AzTag and applying it to the resource id property.
To make changes to a resource, you will often need the resource or resource group id. The id looks like /subscriptions/9f241d6e-16e2-4b2b-a485-cc546f04799b/resourceGroups/rg-wus-myap
The following example shows how to update the tags using the resource group object
Note that the code uses Update-AzTag with the -Operation parameter to Merge.
You can remove the resource group and the resources contained in the resource group. The following PowerShell script shows how to remove a resource group and the resources within the group.
| Remove-AzResourceGroup –Name $RESOURCE_GROUP_NAME |
If you want to remove a single resource, use Remove-AzResource.
For other steps you can take in the lifecycle using PowerShell, see Manage Azure resources by using Azure PowerShell in the Azure documentation.
Create resource group and resource using Azure CLI
You can do the same steps using the CLI. The following CLI script demonstrates the lifecycle pattern with these steps:
| az login | |
| # set environment variables | |
| read -p "Enter your subscription id: " SUBSCRIPTION_ID | |
| read -p "Enter your region, such as WestUS (no spaces): " LOCATION | |
| read -p "Enter your resource group name, such as 'rg-wus-testme-01': " RESOURCE_GROUP_NAME | |
| read -p "Enter the name for your app service plan, such as 'plan-wus-testme-01': " RESOURCE_NAME | |
| # sets the default subsciption | |
| az account set $SUBSCRIPTION_ID | |
| TAGS=("Cost Center = 111222" "Location=West US") | |
| az group create –name $RESOURCE_GROUP_NAME –location $LOCATION –tags "${TAGS[@]}" | |
| az appservice plan create –name $RESOURCE_NAME –resource-group $RESOURCE_GROUP_NAME –tags "${TAGS[@]}" |
In the example the TAGS environment variable is an array in Bash. So when you pass it into the use --tags "${tags[@]}". This passes in the array and will preserve the spaces in your tags.
You can replace the tags in the resource group using the following code:
The same syntax can be used when you create or update a resource group or resources using the --tags parameter.
To update the tags with the --set parameter, you will need to pass the key and value as a string. The following example appends a single tag to a resource group:
| TAG="Cost Center='Account-56'" | |
| az group update –name $RESOURCE_GROUP_NAME –set tags."$TAG" |
To remove the resource group, use az group delete command as shown in the following example.
| az group delete –name $RESOURCE_GROUP_NAME |
Summary
In this article you learned of the life cycle of the resource groups and their resources. You learned how to create resource groups and resources using PowerShell and the Azure CLI. And you saw some examples of the tricky syntax around tags.
References
- Governance design for a simple workloadAzure resource providers and types
- Recommended naming and tagging conventions
- Resource access management in Azure
- Space separated values; how to provide a value containing a space
Resource Manager cheat sheet
| PowerShell | Azure CLI | |
|---|---|---|
| Log in to Azure | Connect-AzAccount |
az login |
| Select Subscription | Select-AzSubscription |
az account set |
| Create resource group | New-AzResourceGroup |
az group create |
| Create resource | New-Az |
az create |
| Show resource | Get-Az |
az show |
| Remove Resource Group | Remove-AzGroup |
az group delete |
| List providers | Get-AzResourceProvider |
az provider list |
| Add user | New-AzRoleAssignment |
az role assignment create |
AzureDays 