Applying Tags – Compliance and Cloud Governance

As mentioned earlier, tags can be applied at the subscription, resource group, or resource level. You can always search for Tags in the Azure portal, and the portal will list all tags that are there in your environment, as shown in Figure 2.26.

FIGURE 2.26 Listing tags

You can add tags by navigating to any resource and click Tags, as shown in Figure 2.27.

FIGURE 2.27 Adding tags to resources

If you click the Name box, the portal will list all the tags that are currently available. If the tag is new, you can simply type in the name and it will be added. If you are selecting an existing key or name, the corresponding values are automatically displayed. If you want to add a new value, you can type that in. New tags that are added will take around 24 hours to reflect in Azure Cost Management for cost analysis. Also, any usage prior to the tag addition will not be included in the analysis. Azure Cost Management can display the usage only after tag addition if you are filtering using tags.

Summary

In this chapter, we discussed compliance and governance in the Azure cloud. We looked at a list of services that are responsible for bringing in compliance and governance. We started this chapter with Azure regions, as they are particularly important in maintaining data residency and data sovereignty.

Then we discussed Azure accounts and subscriptions and the several types of subscriptions offered by Azure based on your organizational requirements. Another key part of governance is running your workloads in a cost-optimized manner, so for this we looked at Azure Cost Management. Along with Cost Management, we saw how to plan the expenditure and what the optimization techniques are for controlling your cloud spending. The next topic of discussion was resource groups and how they help in the logical grouping of resources for access management, policy assignments, cost management, and lifecycle management. We also covered management groups, which can be used to logically group subscriptions. This grouping enables administrators to manage policies and access at a higher level than managing at the individual subscription scopes.

Azure Policy was the next service we discussed and the role it plays in keeping your environment in compliance with your organizational standards. We saw how we use the built-in policies and write custom policies to match your requirements. Also, if your organization wants to chain policies and assign them as a single unit, they can leverage initiatives. After Azure Policy, we talked about RBAC, which is responsible for access management in Azure. We covered the concepts related to Azure and how to make an assignment. In the exercise we created a custom role by cloning an existing role and assigned a user for assessing the role.

Towards the end of the chapter we covered resource locks and resource tags. Resource locks help in preventing accidental deletion or modification of the resources that are there in your production environment. On the other hand, resource tags are used for logically organizing the resources. We saw several use cases of tags including resource sorting, cost analysis, usage analysis, and building dashboards.

Throughout this chapter and in the previous one we used different mediums to manage Azure like the Azure portal, Azure PowerShell, and the Azure CLI. There are additional tools such as ARM templates, SDKs, and the REST API. In Chapter 3, “Virtual Networking,” we will see what management tools are available for administrators to manage their Azure cloud.