Subscriptions - jasper-zanjani/azure GitHub Wiki
There are 2 types of quota that apply to subscriptions:
- Resource quotas trigger alarms when resource creation and consumption hit a threshold. These are not to be confused with resource limits which can stop resources from being created, whereas quotas can not.
- Spending quotas trigger alarms when spending has reached a thresthold.
These are facilitated through the use of tags, which allow categorization of resource groups and resources.
- Tag names have a limit of 512 characters (128 characters for storage accounts)
- Tag values have a limit of 256 characters.
- Resources and resource groups are limited to 15 tags.
- VMs cannot exceed 2048 characters for all tag names and values combined.
Budgets can be viewed and administered in the Cost Management + Billing blade. Users must be at least Reader to a subscription to view, and Contributor to create and manage, budgets. Specialized roles that grant access to Cost Management include
- Cost Management contributor
- Cost Management reader
Although the Cloudyn service, which had been purchased by Microsoft, was being offered as a standalone service, it has now been deprecated because its functionality has been incorporated natively into other sections of the Cost Management + Billing blade.
Customers on an Enterprise Agreement can add up-front commitments to Azure then be billed annually. If the committed spend is exceeded, the overage is billed at the same EA rate. EA customers can create spending quotas and set notification thresholds through the EA Portal.
3 portals used to manage Azure subscriptions
- EA Portal (ea.azure.com) available only to customers with an Enterprise Agreement
- Account Portal
- Azure Portal, includes Azure Cost Management
Get-AzSubscriptionaz account showTo create a budget, open Cost Management + Billing, then Subscriptions, select a subscription, then click Budgets. Then click + Add, which produces a Create budget blade. The created budget can be seen in the Budgets blade. PowerShell commands used with budgets:
-
Get-AzResourceGroupretrieve Resource Group object -
Set-AzResourceGroupapply a tag to a resource group with no preexisting tags -
.Tagsmethod that retrieves Tag collection from a resource group -
.Add()method used to add tags to a resource group that already has tags.
To view resource quotas for a subscription, go to the subscription in Azure Portal and open the Usage + quotas blade. From there you can select resources and then click the Request Increase button.
View current usage of vCPU quotas
Get-AzVMUsageView current usage of storage service
Get-AzStorageUsageCreate a policy definition (Portal)
- (All Services) > Policy > Definitions: Both builtin and custom policies can be managed here.
Create a policy definition
New-AzPolicyDefinition -Name 'appendEnvironmentTag' -DisplayName 'Append Environment Tag' -Policy 'AppendDefaultTag.json' -Parameter 'AppendDefaultTagParams.json'$scope = '/subscriptions/$subscriptionID'
$policyparam = '{
"tagName" : {
"value": "Environment" },
"tagValue": {
"value" : "Production" } }'
$assignment = New-AzPolicyAssignment -Name 'append-environment-tag' -DisplayName 'Append Environment Tag' -Scope $scope -PolicyDefinition $definition -PolicyParameter $policyparamRemove policy assignment and definition
Remove-AzPolicyAssignment -Id $assignment.ResourceId
Remove-AzPolicyDefinition -Id $definition.ResourceIdDefine a policy
az policy definition create --name 'allowedVMs' --description 'Only allow virtual machines in the defined SKUs' --mode ALL --rules '{...}' --params '{...}'Apply policy to a scope
az policy assignment create --policy allowedVMs --name 'deny-non-compliant-vms' --scope '/subscriptions/<Subscription ID>' -pDelete policy assignment
az policy assignment delete --name deny-non-compliant-vms