Need help for subscription creation at azure tenant enterprise scale set #4715
-
|
Need help for subscription creation at azure tenant enterprise-scale set |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 4 replies
-
|
You can review the docs here: https://github.com/Azure/data-management-zone Including the pre-req steps here: https://github.com/Azure/data-management-zone#deploy-data-management-zone |
Beta Was this translation helpful? Give feedback.
-
|
Also here: https://github.com/Azure/Enterprise-Scale/blob/main/docs/EnterpriseScale-Setup-azure.md |
Beta Was this translation helpful? Give feedback.
-
|
to create a subscription you need to have access to EA account id. Once you have that ID, I believe that this snippet can help you run Azure cli |
Beta Was this translation helpful? Give feedback.
-
|
Hi azMantas Thanks for your help but have still doubt to create/refactoring the subscriptions of existing management/sub management groups which are already created by another module. I have the below scenario.
|
Beta Was this translation helpful? Give feedback.
-
|
So I think I understand what you are asking ... I will do this in 2 parts
you have something like below
i.e. a list of Management Groups. You can export these to a hierarchy with PowerShell Get-AzManagementGroup -WarningAction SilentlyContinue |
foreach {Get-AzManagementGroup -WarningAction SilentlyContinue -GroupName $_.Name -Expand } |
select Name,ParentName
Name ParentName
---- ----------
11cb9e1b-bd08-4f80-bb8f-f71940c39079
HA-APP 11cb9e1b-bd08-4f80-bb8f-f71940c39079
HA-APP-decommissioned HA-APP
HA-APP-landingzones HA-APP
HA-APP-management HA-APP-platform
HA-APP-online HA-APP-landingzones
HA-APP-platform HA-APP
HA-APP-sandboxes HA-APPfrom that you can create your declarative json definition for your parameter file for your Bicep Templates Get-AzManagementGroup -WarningAction SilentlyContinue |
foreach {Get-AzManagementGroup -WarningAction SilentlyContinue -GroupName $_.Name -Expand } |
select Name,DisplayName,ParentName | convertto-jsonThis goes in your parameter file Now you can create your MG deployment template to be able to redeploy out the MG's with the exact same hierarchy that you exported. Example Template for a Management Group Deployment into the Root Management Group.
$MGName = Get-AzManagementGroup | where displayname -eq 'Root Management Group' | foreach Name
New-AzManagementGroupDeployment @Common @TemplateArgs @OptionalParameters -ManagementGroupId $MGNametargetScope = 'managementGroup'
var mgInfo = contains(DeploymentInfo, 'mgInfo') ? DeploymentInfo.mgInfo : []
var managementGroupInfo = [for (mg, index) in mgInfo: {
match: ((Global.CN == '.') || contains(Global.CN, mg.name))
}]
@batchSize(1)
module mgInfo_displayName 'man-MG-ManagementGroups.bicep' = [for (mg,index) in mgInfo: if (managementGroupInfo[index].match) {
name: 'dp-${mg.name}'
params: {
mgInfo: mg
}
}]Which calls the actual Module that does the work: param mgInfo object
targetScope = 'managementGroup'
resource parentMG 'Microsoft.Management/managementGroups@2021-04-01' existing = {
name: mgInfo.ParentName
scope: tenant()
}
resource MG 'Microsoft.Management/managementGroups@2021-04-01' = {
name: mgInfo.name
scope: tenant()
properties: {
displayName: mgInfo.displayName
details: {
parent: mgInfo.parentName == null ? null : /*
*/ {
id: parentMG.id
}
}
}
}I would recommend to do the above First, then come back to this second phase. Now export the same again, however this time with the Subscriptions as well.Get-AzManagementGroup -WarningAction SilentlyContinue |
ForEach-Object {
Get-AzManagementGroup -WarningAction SilentlyContinue -GroupName $_.Name -Expand } |
ForEach-Object {
$Path = '/providers/Microsoft.Management/managementGroups/{0}/subscriptions?api-version=2020-05-01' -f $_.Name
$r = Invoke-AzRestMethod -Path $path -Method GET | ForEach-Object content | ConvertFrom-Json | ForEach-Object value
$Subscriptions = $r | ForEach-Object { $_.name }
@{
name = $_.Name
displayName = $_.DisplayName
parentName = $_.ParentName
subscriptions = @($Subscriptions)
}
} | convertto-jsonThis time you have the same thing, plus also the subscriptions under each Management Group
So now just add this extra step the your template above. Docs reference resource subscriptions 'Microsoft.Management/managementGroups/subscriptions@2021-04-01' = [for (sub, index) in mgInfo.subscriptions: {
name: sub
parent: MG
}]You can view the deployments under the Root Management Deployments
Including where the subscription was assigned under the individual MG deployment
Deploy again... instead of this
Use this
instead of this
you get this
The export powershell script is here: Assuming you have a different process in place to create subscriptions in the first place. |
Beta Was this translation helpful? Give feedback.
-
|
@Mohansharma84 |
Beta Was this translation helpful? Give feedback.
-
|
Marking as answered, feel free to continue the conversation if you would like some further info or guidance. |
Beta Was this translation helpful? Give feedback.
@Mohansharma84
So I think I understand what you are asking ... I will do this in 2 parts
you have something like below
i.e. a list of Management Groups.
You can export these to a hierarchy with PowerShell