Organizing the Cloud: Subscriptions, Resource Groups, and Management Groups

In the last post, we looked at the Physical Architecture (Regions and Datacenters). That is where your data physically sits.

Today, we look at the Logical Architecture. This is how you organize, bill, and manage your resources.

Think of it like a corporate office: You have the building (Physical), but inside, you have Departments, Managers, and Teams (Logical).

The Azure Hierarchy

To keep things organized, Azure uses a strict 4-level hierarchy. You must memorize this order:

  1. Management Groups (Top Level - Governance)
  2. Subscriptions (Billing & Access)
  3. Resource Groups (Logical Containers)
  4. Resources (The actual instances)

1. Resource Groups (The Folders)

A Resource is anything you create: a Virtual Machine, a Database, or a Virtual Network.

A Resource Group (RG) is a container that holds related resources for an Azure solution. Think of it like a folder on your desktop.

⚠️ The 3 Golden Rules of Resource Groups:

  • One Home Only: A resource can only exist in one Resource Group at a time.
  • Mixed Regions: You can have a Resource Group in "East US" that contains a Virtual Machine in "West Europe". The group's location only stores the metadata (logs).
  • Lifecycle Management: If you delete a Resource Group, everything inside it is deleted. This is great for cleaning up test labs instantly.

2. Subscriptions (The Credit Card)

You cannot use Azure without a Subscription. This is the Billing Boundary.

  • Billing Boundary: Azure generates a separate invoice for every subscription. A company might create two subscriptions: "Production" (Bill goes to IT Dept) and "Development" (Bill goes to R&D Dept).
  • Access Boundary: It is also a security fence. If you are an Administrator on Subscription A, you do NOT automatically have access to Subscription B.

3. Management Groups (The CEO)

What if your company is huge and has 50 different Subscriptions? How do you apply a rule to all of them at once?

You use Management Groups.

These sit above subscriptions. If you apply a policy here (e.g., "Nobody can create servers in Japan"), that rule automatically trickles down to every subscription and resource group below it.

Azure Hierarchy: A graphical representation

PC: Microsoft

Analogy Recap: The Corporate Structure

Azure Level Corporate Analogy Primary Function
Management Group Headquarters / CEO Governance & Compliance across the whole company.
Subscription Department (HR, IT, Sales) Billing & Budgeting.
Resource Group Project Folder Lifecycle (Group things that live and die together).
Resource Individual File The actual tool doing the work.

Congratulations! You have finished the "Architecture & Concepts" module. 🎉

Next, we start the hands-on fun. Get ready to build your first server as we explore Compute Services: VMs vs. Containers vs. Serverless.

Newer Older