Created
September 19, 2019 15:20
noelbundick created this gist
Sep 19, 2019
@@ -0,0 +1,15 @@ Some quick thoughts on using many Azure subscriptions vs many resource groups in one subscription * Limits are applied at the subscription (+ sometimes region) level. If one RG uses 500 cores, other business units may be blocked until you open a support request. * Preview features are applied at the subscription level - other RG's can't opt-in/out. Ex: if you wanted to use the AKS + VMSS preview, you need to be sure that all teams want (and can support) the feature * This is really hit & miss, but there are some actions that can't be performed based on other resources being present in the same subscription https://docs.microsoft.com/bs-latn-ba/azure/storage/common/storage-auth-aad-rbac-portal ``` If your subscription includes an Azure DataBricks namespace, roles assigned at the subscription scope will be blocked from granting access to blob and queue data. ``` * Azure Cost Management works across both Subscriptions & Resource Groups (and Management Groups!) * You can apply RBAC across subscriptions (if they are in the same AAD tenant) to grant read-only, "attach to VNET", etc. So it's not an either/or scenario * The management challenge is present in both approaches - you still want to figure out how to define & manage N groups. Your scripts/tools might change, but the concepts are the same
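Review bot: the third bullet leaves its one concrete case unexplained and poorly presented. The Databricks quotation sits in a plain code fence and is linked through a locale-specific path (`/bs-latn-ba/`); a `>` blockquote and the locale-neutral form of the docs link would read better. The bullet should also say what the case implies for the subscription-vs-resource-group decision, since "roles assigned at the subscription scope will be blocked from granting access to blob and queue data" is the only example given for "hit & miss". In the RBAC bullet, "read-only" and "attach to VNET" are listed without saying at which scope (subscription, resource group or resource) the cross-subscription assignment is made; naming the scope would make the "not an either/or" point checkable.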