What you NEED TO KNOW about tags and policies to PASS your Azure Exam

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone let's get into some ac305 content today let's go and have a look at tags and let's go and have a look at policies and get straight into this content remember # like And subscribe you know the usual routine Bell icon subscribe button and let's go and work on some Azure tags and policy systems that will help you out in passing your Azure [Music] examinations morning everyone or afternoon or evening or but you know what just hello um right so we're going to get into a new series of videos and here I want to go and discuss information that is actually valid to the a305 courses the Azure architect courses um this information all also kind of runs into a 104 a900 and well pretty much any bger course it all kind of welds together but either way at the moment and today we're going to go and check out something to do with tanks and we're going to check out a little bit to do with policies okay policies is that you spelled policies hey Siri how do you spell policies p o l i c i e s p yes yeah that works just like most people in it I can't spell for tofe guys everything is an acronym so what we're actually going to do here is we're going to create some resources we're going to create a couple of resource groups we're going to create a resource group called Apple okay and we're going to create a resource group called peir all right and in these resource groups we're going to create some things so we're going to do most of this through Powershell just for just for funsies and these resource groups themselves are going to create some things inside them we're going to create some v-ets we're going to have v-net one v-net 2 and v-net three inside here two there's two and inside pair we're just going to create some diss we're going to do dis one we're going to do dis two and we're going to do disk three and what we're going to do is we're going to actually tag these things now all tags are are key value pairs that's it they help to organize resources in Azure so in this case my tags are actually going to be fruit is equal to Apple and another tag called fruit is equal to whoops let neaten that up a bit fruit is equal to pair okay and these two tags we are actually going to apply to our Resource Group level now interestingly these tanks don't flow down so if if we apply a tag to a resource Group and these resource groups get tagged those tags don't apply down here into these resources so maybe we have another tag in this case we might have a tag that says projects is equal to a z305 now if we want that tag to be applied to all of our resources inside our resource groups what we're actually going to need to do is we're going to need to apply that basically individually to each of these items as we go through that is a bit annoying to do in the interface so what we've got if we is we've got some nice Powershell to do this with a lovely for Loop inside there to go and crunch through each of these resources and actually apply those tags to there so you're going to see the Powershell for applying tags and you're going to see the poers shell for applying tags to multiple resources what they actually going to do is we're actually going to create a new virtual machine Resource Group and we're going to call this UK VMS or UK virtual machines but inside here what we're going to do is we're going to create a virtual machine that actually exists in East Us in America all right and what we're going to do is we're going to prove a couple of things here first of all a resource Group actually has a location as well so if this Resource Group is set to UK South you will be able to see that this Resource Group can actually take resources that exist in other locations but we can also create policies so if we create up here a policy and inside this policy we are going to do something called allowed locations locations and in this allowed locations policy what we're going to do is we're going to restrict this to only take resources that exist in UK South and when we apply that to this Resource Group you'll see a couple of things number one you'll see that this resource over here this America resource that's living in East US isn't compliant to a policy here but it doesn't get destroyed it does actually doesn't go in and just randomly delete your stuff because you've messed up a policy but what we will do then is we will try from the portal over here to create another virtual machine that's actually also existing in America and we'll try and deploy this back to this Resource Group that has this policy applied and you'll see that that actually gets denied okay so what means is if we apply policies that actually restrict certain things um maybe those policies are for things like tag enforcement to make sure that people have to actually deploy tags to a resource or maybe those policies are doing in this case a location restrict ction if we've got existing resources we're not going to for the most part break things inside our environment if that stuff already exists and it's not compliant but anything future will be prevented from performing the action by the policy itself so let's get into it and have a look at some demos related to these TXS and policies and build out this infrastructure that I'm drawing out all right then guys let's get straight into this so I'm going to launch up Edge I mean it could launch up Chrome if I wanted to or if I want to be very adventurous Firefox if I want to be really adventurous I could launch something like links browser if you don't know what links browser is guys go Google that thing a text based Linux browser anyway let's go into portal. azure.com and we'll start to get into some tag creation and some resource creation and we can see how this stuff works so I'm just going to log in here directly into the Azure portal that's all good and what I'm going to do is no I don't want to synchronize my data as soon as this thing pops up we're going to fire up the Azure Cloud shell and in this Azure Cloud shell we're going to run a little bit of Powershell uh so I'm going to run this as po shell and we'll create some storage here while it's doing that I'm going to pop up here the Powershell ISC because what I want to show you is some Powershell in relation to uh creating resources in a second it's easier to kind of just break it down in um in ISC rather than in Cloud shell as it's wonderful as Cloud shell is it's a bit sketchy for working with large amounts of code um I mean partial ISC is fine but you know you want to use vs code today it's just what I have installed on this lab environment so my cloud shell should be up and running now he says authenticating to aure getting through getting through all right cool so let's go and make some resource groups so I'm going to use this one I'm going to use a resource Group of apple and we're going to create another Resource Group here and we're going to create a resource Group of pet um if you wondering what all of this stuff is here this kind of like big block of text appearing this is actually Powershell Cloud shell going a bit mad because Microsoft have this Auto prediction system in here and it's trying to kind of Auto predict things and it's going a bit crazy there's no real way to turn that off either you're just going to have to deal with it so we've got two resource groups created if we go into resource groups here well I say there's no way to turn it off I mean instead of using the cloud shell here we could remote connect to it with our terminal uh so we've got two things uh apple and pear actually created now what we're going to do is we're going to set this lovely little thing up we're going to set a verbos preference to continue what that's going to do is for my shell it's going to give me more output this is actually really really freaking useful uh so instead of just seeing something like okay my uh thing is deploying please wait undetermined amount of time it will actually say please wait deploying and it will tell you all the individual St steps of what it's actually doing to do that deployment so what we're going to do is I'm going to paste in some code here and this is what we're going to build let's make that a little bit bigger so we're just going to build three virtual networks vnet 1 vet 2 vet 3 and they in a nice little for each Loop over here um and you can see we're just going to use this new a virtual Network subnet config to create address prefixes in each of these subnets we just going to make some resources that we can actually tag in a moment so I'm going to grab that code here I'm going to paste that in this plain text and it should hopefully kick through and work now there's another couple of ways you can kind of accomplish this this for pasting code into the Powershell Cloud shell I mean I could create a Powershell file and actually go execute that as a PS1 script that would kind of work as well um I could go and upload this to a git repository and then download it again U there's a few different ways of accomplishing this either way this is the simple way at the moment so if I go into apple as this Resource Group inside here I should have not one v-net refresh refresh please refresh again there we go three v-ets rule number one of a if at first you don't succeed refresh refresh refresh okay so let's go and have a look at the next block of code I'm going to run down here this is just going to create three discs as well again I'm just creating some resources it's buried inside the for reach Loop if you want to know how to do for each Loops go watch my Powershell videos okay and you know the routine hasht like And subscribe and all that lovely stuff so let's go and create some discs as well this is actually going to create these discs inside the resource Group of P pair so if I go into pair and I click refresh here uh we should see these discs starting to flow in in a moment refresh refresh some more yeah try getting this view you'll get there come on wakey wakey okay let's just try closing that whole thing let's try opening it up again let's try refreshing it one more time still no resources okay let's just check they haven't gone into the wrong one no it's gone to Apple and this one has gone to P there they are diss one two and three refresh the portal is not real time it's querying a backend API sometimes it lags a little bit that's just normal you find that in other cloud services as well not just Azure so in the portal we're going to go and navigate to the resource groups we're going to open up Apple and we're going to actually apply some tags to this so you can tag IND individually on resources if you really want to or you can tag at this case you can actually tag on whole resource groups so here I'm just tagging the resource Group level for fruit and apple now on here as well just take note that if you do this tag here for fruit apple and we go back to overview and we go back to something like v-net one you'll notice that v-net one has a tag except it doesn't the tags don't actually inherit down here okay so what we're going to do is we're going to go into pair and we're just going to tag pair as well so let's go into the pair Resource Group this is just doing a tag on the folder itself fruit is equal to pair okay um and again we'll just go and check a look at the disk one inside here let's go into pair close that off go into pair we're going to go and have a look at DIS one and notice that we don't actually have any tags actually set on here at all uh so what I want to do now is I want to actually get some more code going here in Powershell so what we're going to do is we're going to Crunch through some resource groups we're actually going to Crunch through in this case these two resource groups apple and pear this is actually just specifying this little at here is actually going to be an array and what I'm going to do is the tags I'm going to apply are going to be this notice this has got curly brackets not normal parentheticals that's because this information inside here is a hash table not an array so a tag is a hash table and then what we're going to do is we're going to Crunch through each of these we're going to apply this so for each Resource Group in resource groups process through each one of them okay then what we're actually going to do is we're going to actually go and replace in here applying the tag to resource resource group. resource name and the set e resource with the resource Group ID with the new tags so note the note the comments here get all the resources in the resource Group Loop through each resource in those resource groups and apply the tag and then merge the existing tags with the new tag and then apply those tags to the resource itself now let's go and see what kind of output we get for all of that so let's take this big huge block of code here and let's just go to paste that in as plain text directly into the cloud shell and go and run this thing so look what it's doing we've got some verbos outputs as well the verbos outputs is because we've turned on that switch earlier that nice little um variable and you'll notice that we can actually see it's actually crunching through each of those resources if I didn't have the verbos output on I would just be sitting here with a blank Cloud shell and not knowing if this thing is actually doing anything so now if I go back and actually return to that Resource Group pair and which I'm already in and select that dis one which I'm already in let's go back and refresh this we should be able to see see that our tags are actually applied we've got project is a value of a305 lab work that's nice now what we can actually do is we can go and filter for these specific tags in other services so if I go and have a look at Cost management and billing over here uh let's go into cost management and billing and down here u under this under cost management so in here I can go and analyze my costs I can look at my invoices I can look at how I'm going to pay Microsoft I can even look at fun stuff like a advisor recommendations in here and this will tell me if I'm overspending uh maybe I'm spinning up virtual machines that are way too big for me uh and it's going to tell me you might want to reduce those sizes of virtual machines that's quite cool uh so what we can do here as well is inside cost management uh we can go to cost analysis and inside cost analysis we can start to filter things down so for example where we going to go to uh we can go and have a look at our resource groups down here here and if we go into resource groups we can see a list of the costs related to my specific resource groups that's quite a few on this subscription uh from various different lab services but eventually what you should be able to see is anything that's currently containing costs for our environment now the the problem is here I don't actually have those costs listed yet because those networks and the uh the resources in those resource groups are so new but eventually what we'll end up seeing is the costing for for example the resource Group of apple and the resource Group uh pair what I can also do inside here is if I click on this customize view at the top and scroll down to convert to customize view so a couple of clicks there we can actually go and get a little bit more granular information down here and group things slightly differently and see this information slightly differently so we can actually say for example Group by our Resource Group name down here we can also Al Group by cost allegation frequencies meters products all sorts of fun stuff we can also even go and cou here by tag so if we've got for example multiple services and multiple things that deployed across multiple environments or I say environments multiple resource groups we can go and look instead of the resource Group level we can go and look at the specific uh tag that we actually want to go and check out here again my tag isn't actually being listed just yet uh it's probably because it needs a little bit of time to actually appear in the system but if I go and select another tag down here like for example if I go and grab something like this application tag you'll see all of the resources that are related to this specific application tag okay now what we can also do is we can react to these tags in different ways as well which is quite nice so one of the things that we could actually do with tags is maybe you're getting into this habit of saying right we have tags we want to be able to filter with tags we want to be able to open up this tag system on the Azure portal and we want to be able to kick click things like project a305 lab workor and see all of the things that has that tag irrespective of which resource Group they're plugged into but we have a situation where uh we need to actually tag this stuff we need to actually force people to tag and we can do that with policies in fact we can do a number of things with policies down here as well so if we go and check out policies inside Azure we going and click on policy here uh you'll see we have a whole bunch of policies available to us so if we go into definitions for policies and we scroll down here through definitions you'll see there's a whole bunch of different policies created by default in Azure for us to work with in fact these are initiatives there's two things policies and initiatives initiatives are groups of policies whereas policies themselves are individual uh little settings should we say now some of the settings we could actually do inside this kind of environment is we could restrict things like for example if we go for tags there is actually a policy down here that says where are we uh a few moments later okay so here in po if we go and search for require a tag you'll notice there is actually one of these things in here that says require a tag and it's value on resource groups or require a tag that's value on resources or require a tag on resource groups these are interesting enforces the existence of tags on resource groups and enforces the existence of a tag now what you can do within here is you can go and take one of these policies apply it to your subscription and it means that when somebody actually deploy a resource they have to apply a tank to it during that deployment process otherwise the resource won't actually deploy but we're going to give a different example for policies we're going to have a look at how policies can help us restrict where things can actually be deployed to so inside here I'm going to go and create a resource Group okay so I'm just going to come in here into creating a resource Group and I'm going to build a resource group called UK virtual machines and we're going to deploy that to UK s so here within this virtual machine's location or this virtual machine's Resource Group we're going to deploy some stuff and some things to it so I'm going to search for virtual machines up here and I'm going to create uh an Azure virtual machine and I'm going to build this up as an America virtual machine so I have not put any uh restrictions on here at all but we're going to send this this to East us okay uh we'll change that from a buntu we'll just put that on Windows Server 2022 Hot Patch Edition because we don't want any hippie open source operating systems at the moment we want to pop these in let's give this some passwords and we'll just go review and create that I'm just going to leave everything else as default so let's wait for this America machine to actually deploy in our environment shouldn't take too long to actually build but not the resource Group itself is set to be called UK virtual machines and the resource Group itself had a location of UK South but this virtual machine here is being deployed into America so there's no restriction on the resources in the resource Group the actual Resource Group itself so if we go back over here and have a look if we go and have a look at the resource Group itself here there we go UK virtual machines this is still location of UK South it's just a label at this point it's not really doing anything to actually restrict this stuff we need to go and create a policy so let's go back into policies over here click around to get to it and what we're going to do is we're going to go into definitions and we're going to look for this definition of this policy called allowed locations okay so if we go here into allowed locations and we can do this one just called allowed locations that's loads and loads of policies we can do but this is just showing how one gets deployed and enforced so notice we have lots and lots and lots of Json here all of these things are built off Json um we can just go straight to assign and in the basics tab under here under the scope we're just going to put this onto our UK virtual machines uh Resource Group here I'm not going to put it on the level of the subscription we could do we could put these policies onto subscription level or onto Management Group level but we're not going to do that we're just going to put this onto just this Resource Group the policy enforcement is going to be enabled at the moment that's fine and in the parameters we're going to change the allowed locations here so let's go next across the parameters we're going to change this to UK South so the only resources in this Resource Group will be able to exist in the only place they can exist in is UK South so let's review and create that um and we're GNA build it up there we go give that a second to do its thing because it's Azure it needs a couple of minutes this will take probably 5 to 10 minutes to actually enforce so if we go back to our Resource Group from before we can actually still see that our America virtual machine here is still existing it's in location of East us but if we go to policies we should have that same UK restriction policy applied again this is going to take a while to do it's still not started in its compliance State at the moment but as it sort of crunches through over the next 15 minutes what we will see is compliant and non-compliant resources let's just try and Trigger that so let's go and make another virtual machine down here and let's go and create another Azure virtual machine let's go to that same Resource Group let's put the virtual machine name inside here and let's go and deploy this to West us okay so again this is another American machine but we'll deploy the other side of America down here drop that into server 2022 Hot Patch Edition and we'll give this some usernames and passwords so people can log into this but remember this is a resource that's existing in West us and if we go and create this we should see that we have validation failed now having validation failed here notice we get this big chunky error if we go and have a look at Raw error uh and we scroll down a little bit we should be able to see why this has actually had a problem notice it says it's got a policy effect of deny and the policy was called allowed locations and we can see that it's actually only allowed to this list of locations of UK South so in summary if I take a policy that restricts something or stops something from working if that policy gets applied to a resource Group that already has an existing resource in it like for example my America VM over here is not compliant it's not actually going to automatically delete that resource okay it's not actually going to stop that from working initially um but what it will do is within the policy section over here it's actually going to go and flag it inside the compliance section to tell you that it's actually not compliant when this actually completes but pretty much immediately after I deploy that policy if I try to deploy another resource that doesn't match those policy conditions it's going to be blocked in the wizard from actually doing that you get the same result there if you did that in Powershell too so that kind of concludes a quick look at how to do some tagging um how to tag some resource groups how to tag some resources and we looked at the cost management how to go and check out those tags of filtering we then took a look a quick look at policies and we restricted a resource from being able to deploy to a resource Group using policies and we also used for a couple of our things inside here to go and build our resources out our Diss and our v-ets that we were going to tag and to build out the uh the tagging system rather than crunching through each one individually we could just use a little bit of Powershell to accomplish that to assign tags to many many different things at once it's actually quite hard to do that without Powershell there's a lot of clicking through the interfaces so it's quite nice to have this sort of stuff available to you I hope you enjoyed that module and uh we'll be back next time to take a look at more stuff related to the a305 and you know the routine # like And subscribe and I hope you enjoyed this video and we'll join me next time goodbye

Info

Channel: Mike in the Cloud

Views: 297

Rating: undefined out of 5

Keywords:

Id: ahIxxIuk9jE

Channel Id: undefined

Length: 27min 52sec (1672 seconds)

Published: Thu Feb 22 2024