This sectionintroduces PowerShell scripts that can be used for the automation of tag management, as well as for quicker administration times. Please ensure that the Az module is installed, as per the Technical requirements section at the beginning of the chapter.
Applying a tag to a resource group
The following script creates a new tag named Purpose with a value of Demo in the
AZ104-Chapter3 resource group:
$tags = @{“Purpose”=”Demo”}
$resourceGroup = Get-AzResourceGroup -Name AZ104-Chapter3 New-AzTag -ResourceId $resourceGroup.ResourceId -tag $tags
Applying a tag to a resource
Applying a tag to a resource is very similar; in this instance, we will apply the preceding tag to a storage account resource. Tags will be applied to a resource named AZ104Storage. The code is illustrated in the following snippet:
$tags = @{“Purpose”=”Demo”}
$resource = Get-AzResource -Name AZ104Storage -ResourceGroup AZ104-Chapter3
New-AzTag -ResourceId $resource.id -Tag $tags
Updating tags
Update-AzTag is another very useful command; it allows us to update tags to the $tags variable that is parsed or to merge tags from the $tags variable with existing tags. Merging combines two operations—namely, adding absent tags to the resource or resource group, and updating the value key for existing tags.
In the following example, we will add a new tag named Tags with a value of Merge. The result will be two tags on the AZ104-Chapter3 resource group:
$tags = @{“Tags”=”Merge”}
$resourceGroup = Get-AzResourceGroup -Name AZ104-Chapter3
Update-AzTag -ResourceId $resourceGroup.ResourceId -Tag $tags -Operation Merge
The following example will replace the tags and leave the AZ104-Chapter3 resource group with only the tag for Purpose:
$tags = @{“Tags”=”Merge”}
$resourceGroup = Get-AzResourceGroup -Name AZ104-Chapter3
Update-AzTag -ResourceId $resourceGroup.ResourceId -Tag $tags -Operation Replace
To run multiple tags in the commands, simply add a ; between tag pairs, as per the following example:
$tags = @{“Tag1″=”Value1”; “Tag2″=”Value2”}
Tip – AzTag
The replace command switch will remove tags that are not present in the $tags variable. The merge command will amend tags that are present and add any missing tags defined in the $tags variable.
Further reading
That brings this section to an end. In this section, we have learned what resource locks are, why they are necessary, and how they work.
We encourage students to read up further by using the following links:
- Microsoft documentation on tags: https://docs.microsoft. com/en-us/azure/azure-resource-manager/management/ tag-resources?tabs=json
- Resource naming and tagging decision guide: https://docs.microsoft. com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/?toc=%2Fazure%2Fazure-resource-manager%2Fmanagement%2Ftoc.json
- Prescriptive guidance for resource tagging: https://docs.microsoft. com/en-us/azure/cloud-adoption-framework/govern/guides/ complex/prescriptive-guidance#resource-tagging
- Applying tags in PowerShell: https://docs.microsoft.com/ en-us/azure/azure-resource-manager/management/ tag-resources?tabs=json#powershell
Summary
In this chapter, we have established how to create and manage governance in Azure using Azure policies and tags. You have learned how to perform administrative actions through the portal and PowerShell. You also know where to look for information pertaining to managing both policies and tags and how to build a strategy for governance, and have been provided with additional reading sources to improve your application of these new skills. You now have the skills required to implement governance requirements and assist in establishing baselines for governance.
In the next chapter, we will be expanding upon the skills learned in this chapter and investigating how to manage resources and services available in Azure that support governance objectives and costs within Azure.
Leave a Reply