How can we improve the Azure Resource Manager?

Nested Resource groups

The resource group concept is great, by recently, we started hitting a limit. Resource groups is Azure can't be nested (a Resource group that contains other Resource groups), and consequently, when assigning user permissions to a resource group, it is simplier to create a single resource group and include all the needed resource groups in that group, then assigning the user permissions on that parent resource group. This is one of the many benefits and advantages of having nested resource groups

659 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Samir FARHAT (MVP) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    20 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Samir FARHAT (MVP) commented  ·   ·  Flag as inappropriate

        After 3 years, we receive here a Decline, with an absurd, unlogical arguments in the response. I work closely with Azure PG, i would expect another argument like for Example: The Azure Architecture and how Resource Manager was designed and developed makes it very hard and complicated to implement this feature. But just saying use MG and Policies and declining the idea isn't fair

      • Ben Loveday commented  ·   ·  Flag as inappropriate

        In response to the comments suggesting Management groups and Subscriptions addresses this issue...they don't.

        Management groups can only contain subscriptions, and creating additional subscriptions doesn't make the management easier and ends up creating more challenges, particularly for smaller environments. Not sure why nested RG's isn't possible, considering this follows the same architecture as Microsoft's Active Directory, or even AAD to be fair with nested groups.

      • DanM commented  ·   ·  Flag as inappropriate

        This doesn't even make sense: We recommend customers to use a combination of Management Groups, Resource Groups and Subscriptions.

      • JH commented  ·   ·  Flag as inappropriate

        This would make Azure so much easier to manage. As of now, we're managing based on subscriptions and it's proving to be painfully difficult. Honestly, based on the need I'm surprised this isn't already available. Microsoft, do us a solid, and help a company out. Thanks!

      • Mark E commented  ·   ·  Flag as inappropriate

        Nesting resources by means of a tree or folder structure provides better visual organization and allows a logical grouping of associated resources.

      • Ashish Patel commented  ·   ·  Flag as inappropriate

        I agree with this request, nested resource group will help us to define logical group of resources of the micro-services

      • Anonymous commented  ·   ·  Flag as inappropriate

        It would be nice to group everything associated with a VM (disk, IP, network interface, VM itself, sometimes more) into a unit for ease of management. Nested resource groups would let me do this.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Would like this for logical organization of resources. We have many many apps that all share one subscription. We can organize each app into a resource group, but within an app there may be many parts, and it would be nice to organize each of those parts in their own sub-resource group. Similarly, we have subscriptions with many users. It would be nice if each user can have their own resource group, but then within that resource group they can organize their various services into sub-resource groups. It would make browsing and finding relevant resources much simpler.

      • Daniel Earwicker commented  ·   ·  Flag as inappropriate

        Our application consists of a number of separately deployed parts with their own redeployment cycles. So each is continuously delivered (by its own TFS release config) that includes an ARM template, running in "complete" mode. So each ARM template must have its own dedicated resource group.

        But we have (at least) two instances of our whole application: test and production. We will likely add more production instances for different regions. We call these environments. Each has a dozen resource groups. At the moment there is nothing connecting them.

        If resource groups could form a tree, we could have a top level named after our application, under which would be complete environments such as Test, US, UK, etc., which in turn would contain resource groups for separately deployable parts of the application (ARM templates).

      • Anonymous commented  ·   ·  Flag as inappropriate

        We service multiple systems for multiple clients and having nested resource groups would allow us to partition first by client as well as system. We would also be able to separate resources used for staging/development vs production systems.

      • Alan M commented  ·   ·  Flag as inappropriate

        I would like nested resource groups to group resources into logical groupings so that it is easier to recognize which resources are related to each other within a large deployment. Once you go beyond a simple application with 3 to 4 resources in it, keeping track of which ones are related and dependent on each other is hard.

      • Mark commented  ·   ·  Flag as inappropriate

        I'd love to have nested resource groups. I can create a DMZ RG, then nest PublicDMZ and PrivateDMZ from there, and then break it down even further.

        Having 2-3 levels of nested capabilities will help organize things greatly.

      • Sebastian Fyda commented  ·   ·  Flag as inappropriate

        There is a lot to gain from nested RG - from cost tracking to permissions management. I also do a lot of PoC where I cannot keep all the stuff in one RG. Having nested groups would make my life easier and my subscription cleaner.

      • MarkG commented  ·   ·  Flag as inappropriate

        I agree that this is a need, particularly for large global organizations with geo-distributed environments and IT departments. This is just like delegation of administration through OUs in AD. Now we can do this with RBAC and Resource Groups. This would be great for global orgs :)

      Feedback and Knowledge Base