Best Practices
1. Organize Resources with Management Groups, Subscriptions, and Resource Groups
Best Practice: Use management groups for policy enforcement, separate subscriptions for environments (dev, test, prod), and resource groups for logical grouping.
Example:
az account management-group create --name platform
az account management-group create --name prod --parent platform
az group create --name rg-app-prod --location westeurope2. Infrastructure as Code (IaC)
Best Practice: Use Terraform or Bicep for declarative, version-controlled infrastructure.
Terraform Example:
resource "azurerm_resource_group" "main" {
name = "rg-app-prod"
location = "westeurope"
}Bicep Example:
resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: 'rg-app-prod'
location: 'westeurope'
}Common Pitfall: Manual changes in the portal can cause drift. Always use IaC for changes.
3. Secure Identity and Access
Best Practice: Use Azure AD for identity, enable MFA, and apply least-privilege RBAC.
Example:
Common Pitfall: Assigning Owner role too broadly. Use custom roles for fine-grained access.
4. Secrets Management
Best Practice: Store secrets in Azure Key Vault, never in code or pipelines.
Example:
5. Automate Deployments with CI/CD
Best Practice: Use GitHub Actions or Azure Pipelines for automated builds, tests, and deployments.
GitHub Actions Example:
Azure Pipelines Example:
6. Monitoring and Observability
Best Practice: Enable Azure Monitor and Log Analytics for all resources. Set up alerts for critical metrics.
Example:
7. Cost Management
Best Practice: Use budgets and cost alerts. Tag resources for cost allocation.
Example:
8. Common Pitfalls
Not using IaC for all changes (leads to drift)
Over-permissioned identities
Ignoring monitoring and cost alerts
Hardcoding secrets in code or pipelines
References
Joke: Why did the Azure resource group break up with the VM? It needed more space!
Last updated