Governance, in Azure or anywhere else, is a complex topic that requires a lot of thought and planning. During the DevOps Enterprise Summit, Josh Atwell tweeted an excellent summary of what compliance is versus governance.
What are some of the challenges you will face?
- How do I meet our legal requirements for data sovereignty?
- How do I enable chargeback across departments / teams?
- How do I ensure that someone does not inadvertently change a critical system?
To address these questions, you can break it down into 4 pillars:
- Naming Convention
- Resource Tags
- Resource Locks
Verbose Azure subscription names make understanding the context and purpose of each subscription clear.
Sample naming convention:
| Company | Department | Product Line or Service | Environment | Full Name |
|---|---|---|---|---|
| TLAB | satAZUREday | AwesomeService | Production | TLAB satAZUREday AwesomeService Production |
| TLAB | SocialGaming | AwesomeService | Dev | TLAB satAZUREday AwesomeService Dev |
Verbose Azure resource names make it easy to understand the purpose and workload of each resource.
| Resource Groups: | RG-Region-Type-Subtype/Workload | RG-CC-VM-Identity, RG-CE-Network |
Azure Policy is a service in Azure that you can use to create, assign and manage policy definitions.
Policy definitions enforce different rules and actions over your resources, so those resources stay compliant with your corporate standards and service level agreements.
See my blog post on Azure Policy for more information.
Resource tags are extremely important: they associate resources with the appropriate department, customer or environment.
Resource tags are flexible and easy to implement. They can be included in your ARM templates.
Examples of common resource tags are:
- Department (or Business Unit)
- Environment (Production, Stage, Development)
- Tier (Web Tier, Application Tier)
- Application Owner
Resource locks enable you to restrict operations on high-value resources where modifying or deleting them would have a significant impact on your applications or cloud infrastructure.
You can apply locks on subscriptions, resource groups and individual resources.
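The naming, tagging and locking rules above can be checked together against an exported inventory. The following audit is an added example, not code from the original post; the inventory field names, the two-letter region code and the rule that production resource groups must carry a lock are assumptions made for illustration.

```python
import re

# Assumption: region is a two-letter code, as in the page's examples (CC, CE);
# the Subtype/Workload segment is optional because RG-CE-Network has none.
RG_NAME = re.compile(r"^RG-[A-Z]{2}-[A-Za-z0-9]+(-[A-Za-z0-9]+)?$")

# Tag keys taken from the page's list of common resource tags.
REQUIRED_TAGS = ("Department", "Environment", "Tier", "Application Owner")


def audit_resource_group(rg):
    """Return a list of governance findings for one resource group record."""
    findings = []
    if not RG_NAME.match(rg["name"]):
        findings.append("name does not match RG-Region-Type-Subtype/Workload")
    # Azure treats tag names as case-insensitive, so compare in lower case.
    tags = {k.lower(): v for k, v in rg.get("tags", {}).items()}
    for key in REQUIRED_TAGS:
        if not str(tags.get(key.lower(), "")).strip():
            findings.append(f"missing tag: {key}")
    # Assumed rule: anything tagged Production must carry a resource lock.
    is_prod = str(tags.get("environment", "")).lower() == "production"
    if is_prod and not rg.get("locks"):
        findings.append("production resource group has no lock")
    return findings


def audit(inventory):
    """Map each non-compliant resource group name to its findings."""
    report = {}
    for rg in inventory:
        findings = audit_resource_group(rg)
        if findings:
            report[rg["name"]] = findings
    return report


# Constructed sample inventory (not real data); field names are hypothetical.
SAMPLE = [
    {"name": "RG-CC-VM-Identity", "locks": ["CanNotDelete"],
     "tags": {"Department": "satAZUREday", "Environment": "Production",
              "Tier": "Application Tier", "Application Owner": "owner@example.com"}},
    {"name": "RG-CE-Network", "locks": [],
     "tags": {"Department": "satAZUREday", "Environment": "Production",
              "Tier": "Web Tier", "Application Owner": "owner@example.com"}},
    {"name": "identity-rg", "locks": [],
     "tags": {"environment": "Development", "Department": "SocialGaming"}},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```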