Resource Groups

Difficulty: easy

Overview

Azure Resource Groups are logical containers that hold related Azure resources for a solution or workload.

Key Characteristics:

Every Azure resource must belong to exactly one Resource Group.
A Resource Group has a region (for metadata storage), but can contain resources from multiple regions.
Resources in a group share the same lifecycle — you can deploy, update, or delete them as a unit.

Benefits:

Lifecycle Management: Delete a Resource Group to atomically delete all resources inside it — ideal for ephemeral environments (dev, test, demos).
RBAC: Role assignments at the Resource Group level propagate to all contained resources.
Resource Locks: Apply CanNotDelete or ReadOnly locks to protect all resources in the group from accidental changes.
Tags: Apply metadata tags at the group level for cost attribution and governance.
Azure Policy: Policies scoped to a Resource Group enforce governance on all resources within it.

Azure Hierarchy:
Management Group → Subscription → Resource Group → Resource

Resource Locks:

CanNotDelete: Allows reads and updates, blocks deletion.
ReadOnly: Blocks all modifications and deletions. Similar to Reader RBAC — nothing can be changed.

Best Practices:

Separate Resource Groups per environment (dev/staging/prod).
Group resources by lifecycle — resources deployed and deleted together belong together.
Resources can be moved between Resource Groups (most types support this via az resource move).

Practice Linked Questions

easy

Q1. What is the primary purpose of an Azure Resource Group?

Select one answer before revealing.

medium

Q2. A team wants to prevent accidental deletion of a production Azure SQL Database while still allowing configuration updates. What is the correct solution?

Select one answer before revealing.