Azure is a versatile cloud platform. Customers can not only create and deploy their applications; they can also actively manage and govern their environments. Clouds generally follow a pay-as-you-go paradigm, where a customer subscribes for a subscription and can deploy virtually anything to the cloud. It could be as small as a, basic virtual machine, or it could be thousands of virtual machines with higher SKUs. Azure will not stop any customer from provisioning the resources they want to provision. Within an organization, there could be a large number of people with access to the organization's Azure subscription. There needs to be a governance model in place such that only necessary resources are provisioned by people who have the right to create them. Azure provides resource management features, such as Azure Role-Based Access Control (RBAC), policies, and locks, for managing and providing governance for resources.
Another major aspect of governance is cost, usage, and information management. An organization's management would always want to be kept updated about their cloud consumption and costs. They would like to identify what team, department, or unit is using what percentage of their total cost. In short, they want to have reports based on various dimensions about consumption and cost. Azure provides a tagging feature that can help provide this kind of information on the fly.
In this chapter, we will cover the following topics:
- Azure tags
- Azure policies
- Azure locks
- Azure RBAC
- Implementing Azure governance features