Azure Tags, Resource Group and Access Control
AWS provides Tags, Resource Group and IAM (Identity Access Management) features which help end-users a lot on cloud resources managing.
- Tags enable users to categorize cloud resources in different ways (such as purpose, owner, or environment). With consistent set of tag keys and values makes it easier for you to manage your resources also the billing;
- Resources Group is collection of resources that shared on or more tags. It can span regions, services and can be used to organize and consolidate information you need on a per-project basis;
- IAM (Identity Access Management) enables you to securely control access to cloud services and resources for your users. With IAM you can manage users, groups, and use permissions to allow and deny their access to cloud resources.
I waited Microsoft for a year and suddenly realize, the similar features are already available in Azure Portal.
- Enable you to categorize resources according to your requirements for billing;
- Can be shared between resources or resource groups;
- Available for almost of Azure cloud resources.
Azure Resource Group
- Is a container that hold related resources for an application or just logically group some services together;
- All resources in a given group must share same lifecycle (must deploy, update and delete them together);
- You can add or remove a resource to a resource group at any time;
- You can also move resource from one resource group to other group;
- Resource group can contain resource from multiple regions and can be used to scope access control for administrative actions;
- Each resource can only exist in one resource group.
Azure Access Control
- Enable you to control who has access to specific actions for your organization;
- Natively integrates OAuth and Role-based Access Control (RBAC);
- Can add users or roles to a subscription, resource group or resource to limit access;
- Automatically logs user actions for auditing.