How can we improve the Azure Resource Manager?

Nested Resource groups

The resource group concept is great, by recently, we started hitting a limit. Resource groups is Azure can't be nested (a Resource group that contains other Resource groups), and consequently, when assigning user permissions to a resource group, it is simplier to create a single resource group and include all the needed resource groups in that group, then assigning the user permissions on that parent resource group. This is one of the many benefits and advantages of having nested resource groups

545 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Samir FARHAT (MVP) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    10 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Would like this for logical organization of resources. We have many many apps that all share one subscription. We can organize each app into a resource group, but within an app there may be many parts, and it would be nice to organize each of those parts in their own sub-resource group. Similarly, we have subscriptions with many users. It would be nice if each user can have their own resource group, but then within that resource group they can organize their various services into sub-resource groups. It would make browsing and finding relevant resources much simpler.

      • Daniel Earwicker commented  ·   ·  Flag as inappropriate

        Our application consists of a number of separately deployed parts with their own redeployment cycles. So each is continuously delivered (by its own TFS release config) that includes an ARM template, running in "complete" mode. So each ARM template must have its own dedicated resource group.

        But we have (at least) two instances of our whole application: test and production. We will likely add more production instances for different regions. We call these environments. Each has a dozen resource groups. At the moment there is nothing connecting them.

        If resource groups could form a tree, we could have a top level named after our application, under which would be complete environments such as Test, US, UK, etc., which in turn would contain resource groups for separately deployable parts of the application (ARM templates).

      • Anonymous commented  ·   ·  Flag as inappropriate

        We service multiple systems for multiple clients and having nested resource groups would allow us to partition first by client as well as system. We would also be able to separate resources used for staging/development vs production systems.

      • Alan M commented  ·   ·  Flag as inappropriate

        I would like nested resource groups to group resources into logical groupings so that it is easier to recognize which resources are related to each other within a large deployment. Once you go beyond a simple application with 3 to 4 resources in it, keeping track of which ones are related and dependent on each other is hard.

      • Mark commented  ·   ·  Flag as inappropriate

        I'd love to have nested resource groups. I can create a DMZ RG, then nest PublicDMZ and PrivateDMZ from there, and then break it down even further.

        Having 2-3 levels of nested capabilities will help organize things greatly.

      • Emmanuel commented  ·   ·  Flag as inappropriate

        I agree with this too. Nested resource group will help with organizing and RBAC

      • Sebastian Fyda commented  ·   ·  Flag as inappropriate

        There is a lot to gain from nested RG - from cost tracking to permissions management. I also do a lot of PoC where I cannot keep all the stuff in one RG. Having nested groups would make my life easier and my subscription cleaner.

      • MarkG commented  ·   ·  Flag as inappropriate

        I agree that this is a need, particularly for large global organizations with geo-distributed environments and IT departments. This is just like delegation of administration through OUs in AD. Now we can do this with RBAC and Resource Groups. This would be great for global orgs :)

      Feedback and Knowledge Base