Here you will learn to create a new Azure account and understand the Subscriptions, Management Groups and Resource Groups, and Role-Based Access Control.
When you create an account for the first time, you will be offered a 30 free trial that includes $200 of credit. After the 30 days, a number of services will continue to be free for the first 12 months - these include;
- 5 GB of storage
- 250GB Azure SQL Database
- 15GB Data transfer
- 750 hour of a small VM (B1S)
- 25GB Cosmos Db database
- 750 hours VPN Gateway
During and after 12 months, the following services continue to be free
- 5 GB Data transfer
- 5 GB Cosmos Db
- 10 Web, API or Mobile Apps
- 50 Virtual Networks
These represent just some of the available free services, for a full list see the following link
Creating an Azure Account
Creating a new Azure account is straightforward, simple follow these steps.
- Go to https://azure.microsoft.com/free and click 'start free'.
- Sign in with a Microsoft or Github account
- Select your country or region, and your details such as name, email, and contact number
- Verify your identity by phone using either call back or text message
- Review and accept the agreement and privacy statement
Once a signup is complete, you will be taken to the Azure portal at https://portal.azure.com
Subscriptions, Management Groups and Resource Groups, and Role Based Access Control (RBAC)
Before we being, you need to understand a bit about Subscriptions and resource groups.
A subscription is a logical container for resources in Azure, such as VMs, Web Apps, SQL Databases, etc., and also defines a billing boundary. In other words, you must associate a payment method with each subscription. You can associate different subscriptions with different credit/debit cards. The exception to this is if you sign up for an Enterprise Agreement with Azure. This is for larger companies that are prepared to make annual commitments to Microsoft.
Your first subscription is created for you when you first signed up, along with an Azure Tenant.
An Azure Tenant is a user database based on Active Directory. The user you used to sign up for your subscription is made the administrator of that Azure Tenant, giving you full access to create and manage other users or assign access rights. You can create multiple subscriptions within a single Azure tenant. However, each subscription can only belong to a single Azure tenant.
We can assign users to an Azure subscription by granting user's a role against the subscription - and Azure provides a number of built-in roles or you can define your own. Known as Role Based Access Controls, you can see a list of all built-in roles here.
By default, your user is granted the highest level role to the subscription, which is Owner. If you create other accounts in your tenant, or invite guest users into your tenant, you can assign other roles.
In the Azure portal, at the top of the screen is a search bar, type
subscriptions, then select
Subscriptions from the options that appear.
Select your new subscription, then on the left-hand menu, click Access Control. In the page that appears, click
Add Role assignment
You can then select a user and role to assign.
You might not always want to assign users at the subscription level. So the next level down is a resource group.
Much like a subscription, a resource group also defines a logical group for your resources. In fact, every resource you create in Azure must belong to a resource group.
Resources groups provide a way to different services within a subscription. For example, you might build multiple applications within a single subscription and separate the components into different resource groups.
Users can be assigned rights at the subscription level, resource group level, or component level, and role assignments are hierarchical, meaning they flow down and combine.
Finally, when you have multiple subscriptions, you can optionally create
Management Groups - these provide a higher level, hierarchical structure that is useful for larger organizations.
The key point to remember is that all resources must belong to a resource group, resources groups belong to subscriptions, and subscriptions can optionally belong to Management Groups.
Although we could now get started creating service in Azure right in the portal, we will have a quick look at how they are built and deployed.
All Azure components, whether IaaS, PaaS, or FaaS/Serverless, are built using Azure Resource Manager (ARM) Templates, therefore we will learn about these building blocks next.