Chuyển tới nội dung chính

Azure Overview

Azure Architecture Hierarchy

Subscription Management

Create Subscription Structure

Recommended Structure:
├── Production
│   ├── Prod-Applications
│   ├── Prod-Data
│   └── Prod-Networking
├── Non-Production
│   ├── Dev-Sandbox
│   └── Test-Environment
└── Shared Services
    ├── Shared-Identity
    └── Shared-Monitoring

RBAC (Role-Based Access Control)

Common Built-in Roles

RolePermission ScopeUse Case
OwnerFull controlSubscription administrator
ContributorCreate/manage resources, cannot grant permissionsDevelopment team
ReaderRead-onlyAuditors
User Access AdministratorManage access rights, cannot manage resourcesPermissions administrator

Assign Roles

# Assign Contributor role to user at subscription scope
New-AzRoleAssignment -SignInName user@contoso.com `
  -RoleDefinitionName "Contributor" `
  -Scope "/subscriptions/<SUBSCRIPTION_ID>"

# Assign at resource group scope
New-AzRoleAssignment -SignInName user@contoso.com `
  -RoleDefinitionName "Contributor" `
  -ResourceGroupName "MyResourceGroup"

Azure Policy

Example: Enforce Tags

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "field": "tags['Environment']",
      "exists": "false"
    },
    "then": {
      "effect": "deny"
    }
  }
}

Cost Management

Set Budget Alerts

# Create budget
$budget = New-AzConsumptionBudget -Name "MonthlyBudget" `
  -Amount 10000 `
  -TimeGrain Monthly `
  -StartDate (Get-Date) `
  -Category Cost `
  -ContactEmail admin@contoso.com

Next Steps