您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 资源管理器概述Azure Resource Manager overview

应用程序的基础结构通常由许多组件构成,其中可能包括虚拟机、存储帐户、虚拟网络、Web 应用、数据库、数据库服务器和第三方服务。The infrastructure for your application is typically made up of many components – maybe a virtual machine, storage account, and virtual network, or a web app, database, database server, and third-party services. 这些组件不作为独立的实体出现,而是作为单个实体的相关部件和依赖部件出现。You don't see these components as separate entities, instead you see them as related and interdependent parts of a single entity. 如果希望以组的方式部署、管理和监视这些这些组件,You want to deploy, manage, and monitor them as a group. 那么,可以使用 Azure 资源管理器以组的方式处理解决方案中的资源。Azure Resource Manager enables you to work with the resources in your solution as a group. 可以通过一个协调的操作为解决方案部署、更新或删除所有资源。You can deploy, update, or delete all the resources for your solution in a single, coordinated operation. 可以使用一个模板来完成部署,该模板适用于不同的环境,例如测试、过渡和生产。You use a template for deployment and that template can work for different environments such as testing, staging, and production. Resource Manager 提供安全、审核和标记功能,以帮助你在部署后管理资源。Resource Manager provides security, auditing, and tagging features to help you manage your resources after deployment.

一致的管理层Consistent management layer

资源管理器针对通过 Azure PowerShell、Azure CLI、Azure 门户、REST API 和客户端 SDK 来执行任务提供了一致的管理层。Resource Manager provides a consistent management layer to perform tasks through Azure PowerShell, Azure CLI, Azure portal, REST API, and client SDKs. 在 Azure 门户中提供的所有功能也可以通过 Azure PowerShell、Azure CLI、Azure REST API 和客户端 SDK 来提供。All capabilities that are available in the Azure portal are also available through Azure PowerShell, Azure CLI, the Azure REST APIs, and client SDKs. 最初通过 API 发布的功能将在初次发布后的 180 天内在门户中提供。Functionality initially released through APIs will be represented in the portal within 180 days of initial release.

选择最适合你的工具和 API - 它们具有相同的功能并提供一致的结果。Choose the tools and APIs that work best for you - they have the same capability and provide consistent results.

下图显示各种工具如何与同一 Azure 资源管理器 API 交互。The following image shows how all the tools interact with the same Azure Resource Manager API. API 将请求传递给 Resource Manager 服务,后者对请求进行身份验证和授权。The API passes requests to the Resource Manager service, which authenticates and authorizes the requests. Resource Manager 随后将请求路由到相应的资源提供程序。Resource Manager then routes the requests to the appropriate resource providers.

Resource Manager 请求模型

术语Terminology

如果不熟悉 Azure 资源管理器,则可能不熟悉某些术语。If you're new to Azure Resource Manager, there are some terms you might not be familiar with.

  • 资源 - 可通过 Azure 获取的可管理项。resource - A manageable item that is available through Azure. 部分常见资源包括虚拟机、存储帐户、Web 应用、数据库和虚拟网络,但这只是其中一小部分。Some common resources are a virtual machine, storage account, web app, database, and virtual network, but there are many more.
  • 资源组 — 一个容器,用于保存 Azure 解决方案的相关资源。resource group - A container that holds related resources for an Azure solution. 资源组可以包含解决方案的所有资源,也可以只包含以组的形式进行管理的资源。The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. 根据对组织有利的原则,决定如何将资源分配到资源组。You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. 请参阅 资源组See Resource groups.
  • 资源提供程序 — 一种服务,提供可以通过 Resource Manager 进行部署和管理的资源。resource provider - A service that supplies the resources you can deploy and manage through Resource Manager. 每个资源提供程序提供用于处理所部署资源的操作。Each resource provider offers operations for working with the resources that are deployed. 部分常见资源提供程序包括 Microsoft.Compute(提供虚拟机资源)、Microsoft.Storage(提供存储帐户资源)和 Microsoft.Web(提供与 Web 应用相关的资源)。Some common resource providers are Microsoft.Compute, which supplies the virtual machine resource, Microsoft.Storage, which supplies the storage account resource, and Microsoft.Web, which supplies resources related to web apps. 请参阅 资源提供程序See Resource providers.
  • Resource Manager 模板 — 一个 JavaScript 对象表示法 (JSON) 文件,用于定义一个或多个要部署到资源组的资源。Resource Manager template - A JavaScript Object Notation (JSON) file that defines one or more resources to deploy to a resource group. 它也会定义所部署资源之间的依赖关系。It also defines the dependencies between the deployed resources. 使用模板能够以一致方式反复部署资源。The template can be used to deploy the resources consistently and repeatedly. 请参阅 模板部署See Template deployment.
  • 声明性语法 — 一种语法,允许声明“以下是我想要创建的项目”,而不需要编写一系列编程命令来进行创建。declarative syntax - Syntax that lets you state "Here is what I intend to create" without having to write the sequence of programming commands to create it. Resource Manager 模板便是声明性语法的其中一个示例。The Resource Manager template is an example of declarative syntax. 在该文件中,可以定义要部署到 Azure 的基础结构的属性。In the file, you define the properties for the infrastructure to deploy to Azure.

使用 Resource Manager 的优势The benefits of using Resource Manager

资源管理器提供多种优势:Resource Manager provides several benefits:

  • 可以以组的形式部署、管理和监视解决方案的所有资源,而不是单独处理这些资源。You can deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually.
  • 可以在整个开发生命周期内重复部署解决方案,并确保以一致的状态部署资源。You can repeatedly deploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state.
  • 可以通过声明性模板而非脚本来管理基础结构。You can manage your infrastructure through declarative templates rather than scripts.
  • 可以定义各资源之间的依赖关系,使其按正确的顺序进行部署。You can define the dependencies between resources so they're deployed in the correct order.
  • 可以将访问控制应用到资源组中的所有服务,因为基于角色的访问控制 (RBAC) 已在本机集成到管理平台。You can apply access control to all services in your resource group because Role-Based Access Control (RBAC) is natively integrated into the management platform.
  • 可以将标记应用到资源,以逻辑方式组织订阅中的所有资源。You can apply tags to resources to logically organize all the resources in your subscription.
  • 可以通过查看一组共享相同标记的资源的成本来理清组织的帐单。You can clarify your organization's billing by viewing costs for a group of resources sharing the same tag.

指南Guidance

以下建议将帮助你在使用解决方案时充分利用 Resource Manager。The following suggestions help you take full advantage of Resource Manager when working with your solutions.

  1. 通过 Resource Manager 模板中的声明性语法而不是强制性的命令来定义和部署基础结构。Define and deploy your infrastructure through the declarative syntax in Resource Manager templates, rather than through imperative commands.
  2. 在模板中定义所有部署和配置步骤。Define all deployment and configuration steps in the template. 在设置解决方案时不应执行手动步骤。You should have no manual steps for setting up your solution.
  3. 运行强制性命令来管理资源,例如启动或停止应用或计算机。Run imperative commands to manage your resources, such as to start or stop an app or machine.
  4. 排列资源组中具有相同生命周期的资源。Arrange resources with the same lifecycle in a resource group. 使用标记来组织其他所有资源。Use tags for all other organizing of resources.

有关企业可如何使用 Resource Manager 有效管理订阅的指南,请参阅 Azure 企业基架 - 出于合规目的监管订阅For guidance on how enterprises can use Resource Manager to effectively manage subscriptions, see Azure enterprise scaffold - prescriptive subscription governance.

有关创建可以跨全球 Azure、Azure 主权云和 Azure Stack 使用的资源管理器模板的建议,请参阅开发用于实现云一致性的 Azure 资源管理器模板For recommendations on creating Resource Manager templates that you can use across global Azure, Azure sovereign clouds, and Azure Stack, see Develop Azure Resource Manager templates for cloud consistency.

资源组Resource groups

定义资源组时,需要考虑以下几个重要因素:There are some important factors to consider when defining your resource group:

  1. 组中的所有资源应该共享相同的生命周期。All the resources in your group should share the same lifecycle. 一起部署、更新和删除这些资源。You deploy, update, and delete them together. 如果某个资源(例如数据库服务器)需要采用不同的部署周期,则它应在另一个资源组中。If one resource, such as a database server, needs to exist on a different deployment cycle it should be in another resource group.
  2. 每个资源只能在一个资源组中。Each resource can only exist in one resource group.
  3. 随时可以在资源组添加或删除资源。You can add or remove a resource to a resource group at any time.
  4. 可以将资源从一个资源组移到另一个组。You can move a resource from one resource group to another group. 有关详细信息,请参阅将资源移到新资源组或订阅For more information, see Move resources to new resource group or subscription.
  5. 资源组可以包含位于不同区域的资源。A resource group can contain resources that reside in different regions.
  6. 资源组可用于划分对管理操作的访问控制。A resource group can be used to scope access control for administrative actions.
  7. 资源可与其他资源组中的资源进行交互。A resource can interact with resources in other resource groups. 如果两个资源相关,但不共享相同的生命周期,那么这种交互很常见(例如,Web 应用连接到数据库)。This interaction is common when the two resources are related but don't share the same lifecycle (for example, web apps connecting to a database).

创建资源组时,需要提供该资源组的位置。When creating a resource group, you need to provide a location for that resource group. 你可能想知道,“为什么资源组需要一个位置?You may be wondering, "Why does a resource group need a location? 另外,如果资源的位置和资源组不同,那为什么资源组的位置很重要呢?And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" ” 资源组存储有关资源的元数据。The resource group stores metadata about the resources. 因此,当指定资源组的位置时,也就指定了元数据的存储位置。Therefore, when you specify a location for the resource group, you're specifying where that metadata is stored. 出于合规性原因,可能需要确保数据存储在某一特定区域。For compliance reasons, you may need to ensure that your data is stored in a particular region.

资源提供程序Resource providers

每个资源提供程序都会提供一组用于 Azure 服务的资源和操作。Each resource provider offers a set of resources and operations for working with an Azure service. 例如,若要存储密钥和密码,可以使用 Microsoft.KeyVault 资源提供程序。For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider. 此资源提供程序提供名为“保管库”的资源类型,用于创建密钥保管库。This resource provider offers a resource type called vaults for creating the key vault.

资源类型的名称采用以下格式:{resource-provider}/{resource-type}。The name of a resource type is in the format: {resource-provider}/{resource-type}. 例如,Key Vault 类型为 Microsoft.KeyVault/vaultsFor example, the key vault type is Microsoft.KeyVault/vaults.

开始部署资源之前,应了解可用的资源提供程序。Before getting started with deploying your resources, you should gain an understanding of the available resource providers. 了解资源提供程序和资源的名称可帮助确定要部署到 Azure 的资源。Knowing the names of resource providers and resources helps you define resources you want to deploy to Azure. 此外,还需要知道每种资源类型的有效位置和 API 版本。Also, you need to know the valid locations and API versions for each resource type. 有关详细信息,请参阅资源提供程序和类型For more information, see Resource providers and types.

模板部署Template deployment

使用 Resource Manager 可以创建(JSON 格式的)模板,用于定义 Azure 解决方案的基础结构和配置。With Resource Manager, you can create a template (in JSON format) that defines the infrastructure and configuration of your Azure solution. 使用模板,可以在解决方案的整个生命周期内重复部署该解决方案,确保以一致的状态部署资源。By using a template, you can repeatedly deploy your solution throughout its lifecycle and have confidence your resources are deployed in a consistent state. 从门户创建解决方案时,该解决方案会自动包含部署模板。When you create a solution from the portal, the solution automatically includes a deployment template. 无需从头开始创建模板,因为可以从解决方案的模板着手,并根据特定需求自定义该模板。You don't have to create your template from scratch because you can start with the template for your solution and customize it to meet your specific needs. 有关示例,请参阅快速入门:使用 Azure 门户创建和部署 Azure 资源管理器模板For a sample, see Quickstart: Create and deploy Azure Resource Manager templates by using the Azure portal. 还可以通过导出资源组的当前状态或查看特定部署所用的模板来检索现有资源组的模板。You can also retrieve a template for an existing resource group by either exporting the current state of the resource group, or viewing the template used for a particular deployment. 查看导出的模板是了解模板语法的有用方法。Viewing the exported template is a helpful way to learn about the template syntax.

若要了解模板的格式以及如何构造模板,请参阅快速入门:使用 Azure 门户创建和部署 Azure 资源管理器模板To learn about the format of the template and how you construct it, see Quickstart: Create and deploy Azure Resource Manager templates by using the Azure portal. 若要查看资源类型的 JSON 语法,请参阅定义 Azure 资源管理器模板中的资源To view the JSON syntax for resources types, see Define resources in Azure Resource Manager templates.

Resource Manager 像处理其他任何请求一样处理模板(请参阅一致的管理层图像)。Resource Manager processes the template like any other request (see the image for Consistent management layer). 它解析模板,并将其语法转换为相应资源提供程序的 REST API 操作。It parses the template and converts its syntax into REST API operations for the appropriate resource providers. 例如,当 Resource Manager 收到具有以下资源定义的模板:For example, when Resource Manager receives a template with the following resource definition:

"resources": [
  {
    "apiVersion": "2016-01-01",
    "type": "Microsoft.Storage/storageAccounts",
    "name": "mystorageaccount",
    "location": "westus",
    "sku": {
      "name": "Standard_LRS"
    },
    "kind": "Storage",
    "properties": {
    }
  }
]

它将定义转换为以下 REST API 操作,后者将发送到 Microsoft.Storage 资源提供程序:It converts the definition to the following REST API operation, which is sent to the Microsoft.Storage resource provider:

PUT
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/mystorageaccount?api-version=2016-01-01
REQUEST BODY
{
  "location": "westus",
  "properties": {
  }
  "sku": {
    "name": "Standard_LRS"
  },   
  "kind": "Storage"
}

模板和资源组的定义方式完全取决于用户及其所需的解决方案管理方式。How you define templates and resource groups is entirely up to you and how you want to manage your solution. 例如,可以通过单个模板将三层应用程序部署到单个资源组。For example, you can deploy your three tier application through a single template to a single resource group.

三层模板

但无需在单个模板中定义整个基础结构。But, you don't have to define your entire infrastructure in a single template. 通常,合理的做法是将部署要求划分成一组有针对性的模板。Often, it makes sense to divide your deployment requirements into a set of targeted, purpose-specific templates. 可以轻松地将这些模板重复用于不同的解决方案。You can easily reuse these templates for different solutions. 若要部署特定的解决方案,请创建链接所有所需模板的主模板。To deploy a particular solution, you create a master template that links all the required templates. 下图显示了如何通过包含三个嵌套模板的父模板部署三层解决方案。The following image shows how to deploy a three tier solution through a parent template that includes three nested templates.

嵌套层模板

要各层具有单独的生命周期,可将三个层部署到单独的资源组。If you envision your tiers having separate lifecycles, you can deploy your three tiers to separate resource groups. 请注意,仍可将这些资源链接到其他资源组中的资源。Notice the resources can still be linked to resources in other resource groups.

层模板

有关嵌套模板的信息,请参阅将链接的模板用于 Azure 资源管理器For information about nested templates, see Using linked templates with Azure Resource Manager.

Azure 资源管理器会分析依赖关系,以确保按正确的顺序创建资源。Azure Resource Manager analyzes dependencies to ensure resources are created in the correct order. 如果一个资源依赖于另一个资源(例如虚拟机需要存储帐户才能访问磁盘)中的值,请设置依赖关系。If one resource relies on a value from another resource (such as a virtual machine needing a storage account for disks), you set a dependency. 有关详细信息,请参阅在 Azure 资源管理器模板中定义依赖关系For more information, see Defining dependencies in Azure Resource Manager templates.

还可以使用模板对基础结构进行更新。You can also use the template for updates to the infrastructure. 例如,可以将新的资源添加到应用程序,并为已部署的资源添加配置规则。For example, you can add a resource to your solution and add configuration rules for the resources that are already deployed. 如果模板指定要创建资源,但该资源已存在,则 Azure 资源管理器将执行更新而不是创建新资产。If the template specifies creating a resource but that resource already exists, Azure Resource Manager performs an update instead of creating a new asset. Azure 资源管理器会将现有资产更新到相同状态,就如同该资产是新建的一样。Azure Resource Manager updates the existing asset to the same state as it would be as new.

如果需要其他操作(例如,安装未包含在安装程序中的特定软件)时,资源管理器可提供所需的扩展。Resource Manager provides extensions for scenarios when you need additional operations such as installing particular software that isn't included in the setup. 如果已在使用配置管理服务(如 DSC、Chef 或 Puppet),则可以使用扩展来继续处理该服务。If you're already using a configuration management service, like DSC, Chef or Puppet, you can continue working with that service by using extensions. 有关虚拟机扩展的信息,请参阅关于虚拟机扩展和功能For information about virtual machine extensions, see About virtual machine extensions and features.

最后,该模板将成为应用程序源代码的一部分。Finally, the template becomes part of the source code for your app. 可以将它签入源代码存储库,并随着应用程序的发展更新该模板。You can check it in to your source code repository and update it as your app evolves. 可以通过 Visual Studio 编辑模板。You can edit the template through Visual Studio.

定义模板后,即可将资源部署到 Azure。After defining your template, you're ready to deploy the resources to Azure. 有关用于部署资源的命令,请参阅:For the commands to deploy the resources, see:

安全部署实践Safe deployment practices

将复杂服务部署到 Azure 时,你可能需要将服务部署到多个区域,并且在继续执行下一步骤前需要检查其运行状况。When deploying a complex service to Azure, you might need to deploy your service to multiple regions, and check its health before proceeding to the next step. 可以使用 Azure 部署管理器来协调服务的分阶段推出。Use Azure Deployment Manager to coordinate a staged rollout of the service. 通过分阶段推出服务,你可以在服务已部署到所有区域之前发现潜在的问题。By staging the rollout of your service, you can find potential problems before it has been deployed to all regions. 如果不需要这些预防措施,则执行上一部分中的部署操作是更好的选择。If you don't need these precautions, the deployment operations in the preceding section are the better option.

部署管理器当前为公共预览版。Deployment Manager is currently in public preview.

标记Tags

资源管理器提供了标记功能,可根据管理或计费要求为资源分类。Resource Manager provides a tagging feature that enables you to categorize resources according to your requirements for managing or billing. 如果有一系列复杂的资源组和资源,并想要以最有利的方式可视化这些资产,则可以使用标记。Use tags when you have a complex collection of resource groups and resources, and need to visualize those assets in the way that makes the most sense to you. 例如,可以标记组织中充当类似角色或者属于同一部门的资源。For example, you could tag resources that serve a similar role in your organization or belong to the same department. 如果不使用标记,组织中的用户可以创建多个资源,这可能会使将来的标识和管理变得十分困难。Without tags, users in your organization can create multiple resources that may be difficult to later identify and manage. 例如,你可能想要删除某个特定项目的所有资源。For example, you may wish to delete all the resources for a particular project. 如果没有为项目标记这些资源,则必须手动查找它们。If those resources aren't tagged for the project, you have to manually find them. 标记是降低不必要的订阅成本的重要方法。Tagging can be an important way for you to reduce unnecessary costs in your subscription.

资源不需要驻留在同一个资源组中就能共享一个标记。Resources do not need to reside in the same resource group to share a tag. 可以创建自己的标记分类,以确保组织中的所有用户使用公用的标记,避免用户无意中应用稍有不同的标记(如“dept”而不是“department”)。You can create your own tag taxonomy to ensure that all users in your organization use common tags rather than users inadvertently applying slightly different tags (such as "dept" instead of "department").

以下示例显示应用到虚拟机的标记。The following example shows a tag applied to a virtual machine.

"resources": [    
  {
    "type": "Microsoft.Compute/virtualMachines",
    "apiVersion": "2015-06-15",
    "name": "SimpleWindowsVM",
    "location": "[resourceGroup().location]",
    "tags": {
        "costCenter": "Finance"
    },
    ...
  }
]

订阅的使用情况报告包括标记名称和值,可用于按标记对成本进行细分。The usage report for your subscription includes tag names and values, which enables you to break out costs by tags. 有关标记的详细信息,请参阅 使用标记来组织 Azure 资源For more information about tags, see Using tags to organize your Azure resources.

访问控制Access control

资源管理器可以控制谁有权访问组织的特定操作。Resource Manager enables you to control who has access to specific actions for your organization. 它将基于角色的访问控制 (RBAC) 集中到管理平台,并将该访问控制应用到资源组中的所有服务。It natively integrates role-based access control (RBAC) into the management platform and applies that access control to all services in your resource group.

使用基于角色的访问控制时,应了解两个主要概念:There are two main concepts to understand when working with role-based access control:

  • 角色定义 - 描述一组权限,可以在多个分配中使用。Role definitions - describe a set of permissions and can be used in many assignments.
  • 角色分配 - 将具有某标识(用户或组)的定义与特定作用域(订阅、资源组或资源)相关联。Role assignments - associate a definition with an identity (user or group) for a particular scope (subscription, resource group, or resource). 下级作用域将继承分配。The assignment is inherited by lower scopes.

可将用户添加到预定义的平台和特定于资源的角色。You can add users to pre-defined platform and resource-specific roles. 例如,可利用名为“读者”的预定义角色,它允许用户查看资源但不允许进行更改。For example, you can take advantage of the pre-defined role called Reader that permits users to view resources but not change them. 为此,可将组织中需要此类访问权限的用户添加到“读者”角色,并将该角色应用到订阅、资源组或资源。You add users in your organization that need this type of access to the Reader role and apply the role to the subscription, resource group, or resource.

Azure 提供以下四个平台角色:Azure provides the following four platform roles:

  1. 所有者 - 可管理所有内容,包括访问权限Owner - can manage everything, including access
  2. 参与者 - 可管理访问权限以外的所有内容Contributor - can manage everything except access
  3. 读者 - 可查看所有内容,但不能进行更改Reader - can view everything, but can't make changes
  4. 用户访问管理员 - 可管理 Azure 资源的用户访问权限User Access Administrator - can manage user access to Azure resources

Azure 还提供多个特定于资源的角色。Azure also provides several resource-specific roles. 常见的此类角色有:Some common ones are:

  1. 虚拟机参与者 - 可管理虚拟机,但无法授予虚拟机访问权限,且无法管理自己连接到的虚拟网络或存储帐户Virtual Machine Contributor - can manage virtual machines but not grant access to them, and can't manage the virtual network or storage account to which they're connected
  2. 网络参与者 - 可管理所有网络资源,但无法授予网络资源访问权限Network Contributor - can manage all network resources, but not grant access to them
  3. 存储帐户参与者 - 可管理存储帐户,但无法授予存储帐户访问权限Storage Account Contributor - Can manage storage accounts, but not grant access to them
  4. SQL Server 参与者 - 可管理 SQL 服务器和数据库,但不包括其安全性相关的策略SQL Server Contributor - Can manage SQL servers and databases, but not their security-related policies
  5. 网站参与者 - 可管理网站,但不包括与其连接的 Web 计划Website Contributor - Can manage websites, but not the web plans to which they're connected

有关角色及允许操作的完整列表,请参阅 RBAC:内置角色For the full list of roles and permitted actions, see RBAC: Built in Roles. 有关基于角色的访问控制的详细信息,请参阅 Azure 基于角色的访问控制For more information about role-based access control, see Azure Role-based Access Control.

某些情况下,可能需要运行代码或脚本以访问资源,但最好不使用用户的凭据运行。In some cases, you want to run code or script that accesses resources, but you don't want to run it under a user’s credentials. 相反,请为应用程序称创建名为服务主体的标识,并为该服务主体分配相应角色。Instead, you want to create an identity called a service principal for the application and assign the appropriate role for the service principal. 通过 Resource Manager,可为应用程序创建凭据,并以编程方式对该应用程序进行身份验证。Resource Manager enables you to create credentials for the application and programmatically authenticate the application. 若要了解如何创建服务主体,请参阅下列主题之一:To learn about creating service principals, see one of following topics:

可以显式锁定关键资源,以防止用户删除或修改这些资源。You can also explicitly lock critical resources to prevent users from deleting or modifying them. 有关详细信息,请参阅 使用 Azure 资源管理器锁定资源For more information, see Lock resources with Azure Resource Manager.

自定义策略Customized policies

资源管理器可创建自定义策略来管理资源。Resource Manager enables you to create customized policies for managing your resources. 创建的策略的类型可以包括各种应用场景。The types of policies you create can include diverse scenarios. 可以对资源实施命名约定,限制可以部署的资源类型和实例,或限制可以托管某个类型资源的区域。You can enforce a naming convention on resources, limit which types and instances of resources can be deployed, or limit which regions can host a type of resource. 可以获取资源的标记值以按部门组织帐单。You can require a tag value on resources to organize billing by departments. 可以通过创建策略来降低成本并在订阅中保持一致性。You create policies to help reduce costs and maintain consistency in your subscription.

可创建许多其他类型的策略。There are many more types of policies you can create. 有关详细信息,请参阅什么是 Azure Policy?For more information, see What is Azure Policy?.

SDKSDKs

Azure SDK 适用于多种语言和平台。Azure SDKs are available for multiple languages and platforms. 每种语言实现可通过其生态系统包管理器和 GitHub 来使用。Each of these language implementations is available through its ecosystem package manager and GitHub.

下面是开放源代码 SDK 存储库。Here are the Open Source SDK repositories.

有关在资源中使用这些语言的信息,请参阅:For information about using these languages with your resources, see:

备注

如果 SDK 未提供所需的功能,也可以直接调用 Azure REST APIIf the SDK doesn't provide the required functionality, you can also call to the Azure REST API directly.

后续步骤Next steps

在本文中,你已学习了如何使用 Azure 资源管理器在 Azure 上部署和管理资源以及对其进行访问控制。In this article, you learned how to use Azure Resource Manager for deployment, management, and access control of resources on Azure. 请前进到下一文章来学习如何部署你的第一个 Azure 资源管理器模板。Proceed to the next article to learn how to create your first Azure Resource Manager template.