How to organize Subscriptions in Management Groups


What is a Management Group?

A Management Group in Azure is a hierarchical structure designed to centralize and streamline the organization and management of multiple subscriptions. Acting as a container for subscriptions, it simplifies the application of policies, access controls, and configurations across all associated subscriptions.

One of the key benefits of a management group is the automatic inheritance of settings and policies. This means that any configuration applied to a management group cascades down to all the subscriptions within it, ensuring consistency and reducing administrative overhead.

You can structure management groups to align with your specific needs, such as by environment (e.g., development, staging, production), project, resource type, or other logical groupings.


With this in mind, the terraform-azurerm-caf-enterprise-scale module provides the following parameter:

subscription_id_overrides

Description: If specified, this will be used to assign subscription_ids to the default Enterprise-scale Management Groups.
Type: map(list(string))
Default: {}

With this parameter, you can associate subscriptions with specific management groups in your environment.

I will show you how to configure each subscription in the corresponding management groups, enabling more efficient organization and centralized governance according to your organization’s structure.

My current management group structure


Adding the subscription_id_overrides parameter

Inside the main.tf file


Adding the configuration for each management group

The configurations will be provided in settings.core.tf (the ‘default’ file used for configuring the core submodule). This way, anyone working with the module and already familiar with it will know exactly where to look for the submodule configurations.

I will assign subscriptions to the following management groups: Landing Zones and Platform.
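
The two steps above, shown as an added example (not the code from the author's repository): a local in settings.core.tf that maps subscriptions to the Landing Zones and Platform management groups, and the module call in main.tf that passes it to `subscription_id_overrides`. The map keys `landing-zones` and `platform`, the local and check names, the region, and the subscription IDs are assumptions or constructed placeholders, and an `azurerm` provider block is assumed to exist elsewhere in the configuration.

```hcl
# settings.core.tf (added example; subscription IDs are constructed placeholders)
locals {
  # Keys are assumed to match the module's default management group
  # suffixes; confirm them against the module version you pin.
  subscription_id_overrides = {
    "landing-zones" = [
      "00000000-0000-0000-0000-000000000001",
    ]
    "platform" = [
      "00000000-0000-0000-0000-000000000002",
    ]
  }

  # Normalised, flattened list used by the sanity check below.
  override_ids = [
    for id in flatten(values(local.subscription_id_overrides)) : lower(id)
  ]
}

# A subscription has a single parent management group, so an ID listed under
# two keys leaves its placement, and the policies it inherits, ambiguous.
# Requires Terraform 1.5 or later; a failed check is reported as a warning.
check "subscription_listed_once" {
  assert {
    condition     = length(local.override_ids) == length(distinct(local.override_ids))
    error_message = "A subscription ID is listed under more than one management group."
  }
}

# main.tf
data "azurerm_client_config" "core" {}

module "enterprise_scale" {
  source = "Azure/caf-enterprise-scale/azurerm"
  # Pin a module version here in real use.

  providers = {
    azurerm              = azurerm
    azurerm.connectivity = azurerm
    azurerm.management   = azurerm
  }

  default_location = "eastus" # placeholder region
  root_parent_id   = data.azurerm_client_config.core.tenant_id

  subscription_id_overrides = local.subscription_id_overrides
}
```

Because policies and role assignments are inherited from the management group, review the plan output for each subscription's new parent before applying.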


Updated Structure


🔗 Check out the repository and stay tuned for future updates: https://github.com/diegosrp/azure-caf/core/subscription_id_overrides

This post is licensed under CC BY 4.0 by the author.