有效地組織 Azure 資源Organize your Azure resources effectively

組織雲端式資源對於保護、管理和追蹤工作負載相關的成本而言至關重要。Organizing your cloud-based resources is critical to securing, managing, and tracking the costs related to your workloads. 若要組織您的資源,請定義管理群組階層、遵循妥善考慮的命名慣例,並套用資源標記。To organize your resources, define a management group hierarchy, follow a well-considered naming convention and apply resource tagging.

Azure 提供四個管理範圍層級:管理群組、訂用帳戶、資源群組和資源。Azure provides four levels of management scope: management groups, subscriptions, resource groups, and resources. 下圖顯示這些層級的關聯性。The following image shows the relationship of these levels.

管理階層關聯性的圖示 圖 1:四個管理範圍層級之間的關聯性。Diagram that shows the relationship of management hierarchy levels Figure 1: How the four management-scope levels relate to each other.

  • 管理群組: 這些群組是可協助您針對多個訂用帳戶管理存取、原則及合規性的容器。Management groups: These groups are containers that help you manage access, policy, and compliance for multiple subscriptions. 管理群組內的所有訂用帳戶都會自動繼承套用到管理群組的條件。All subscriptions in a management group automatically inherit the conditions applied to the management group.
  • 訂用帳戶: 訂用帳戶會以邏輯方式關聯使用者帳戶以及這些使用者帳戶所建立的資源。Subscriptions: A subscription logically associates user accounts and the resources that were created by those user accounts. 每個訂用帳戶均有可供建立和使用的資源數量限制或配額。Each subscription has limits or quotas on the amount of resources you can create and use. 組織可以使用訂用帳戶來管理成本以及由使用者、小組或專案所建立的資源。Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.
  • 資源群組: 資源群組是一個邏輯容器,可在其中部署與管理 Azure 資源 (例如 Web 應用程式、資料庫和儲存體帳戶)。Resource groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
  • 資源: 資源是所建立服務 (如虛擬機器、儲存體或 SQL 資料庫) 的執行個體。Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

管理設定的範圍Scope of management settings

您可以在任何管理層級套用管理設定,例如原則和角色型存取控制。You can apply management settings like policies and role-based access control at any of the management levels. 您選取的層級會決定套用設定的範圍。The level you select determines how widely the setting is applied. 較低層級會從較高層級繼承設定。Lower levels inherit settings from higher levels. 例如,當您將原則套用到訂用帳戶時,該訂用帳戶中的所有資源群組和資源也都會套用該原則。For example, when you apply a policy to a subscription, that policy is also applied to all resource groups and resources in that subscription.

通常我們會在較高層級套用重要設定,而在較低層級套用專案特定需求。Usually, it makes sense to apply critical settings at higher levels and project-specific requirements at lower levels. 例如,您可能想要確定組織的所有資源都部署到特定區域。For example, you might want to make sure all resources for your organization are deployed to certain regions. 若要這樣做,請將原則套用至指定了允許位置的訂用帳戶。To do that, apply a policy to the subscription that specifies the allowed locations. 當貴組織中其他使用者新增新的資源群組和資源時,會自動強制執行允許的位置。As other users in your organization add new resource groups and resources, the allowed locations are automatically enforced. 請深入了解本指南的控管、安全性和合規性區段中所提供的原則。Learn more about policies in the governance, security, and compliance section of this guide.

如果您只有幾個訂用帳戶,獨立管理這些訂用帳戶相當簡單。If you have only a few subscriptions, it's relatively simple to manage them independently. 如果您使用的訂用帳戶數量增加,則請考慮建立管理群組階層,以簡化訂用帳戶和資源的管理。If the number of subscriptions you use increases, consider creating a management group hierarchy to simplify the management of your subscriptions and resources. 如需詳細資訊,請參閱組織和管理您的 Azure 訂用帳戶For more information, see Organize and manage your Azure subscriptions.

在規劃合規性策略時,請與組織中擔任下列角色的人員合作:安全性和合規性、IT 管理、企業架構設計人員、網路、財務和採購。As you plan your compliance strategy, work with people in your organization with these roles: security and compliance, IT administration, enterprise architecture, networking, finance, and procurement.

建立管理層級Create a management level

您可以建立管理群組、其他訂用帳戶或資源群組。You can create a management group, additional subscriptions, or resource groups.

建立管理群組Create a management group

建立管理群組,以協助您針對多個訂用帳戶管理存取、原則及合規性。Create a management group to help you manage access, policy, and compliance for multiple subscriptions.

  1. 請移至管理群組Go to management groups.
  2. 選取 [新增管理群組]。Select Add management group.

建立訂用帳戶Create a subscription

使用訂用帳戶來管理成本以及由使用者、小組或專案所建立的資源。Use subscriptions to manage costs and resources that are created by users, teams, or projects.

  1. 請移至訂用帳戶Go to subscriptions.
  2. 選取 [新增]。Select Add.

注意

亦可透過程式設計方式建立訂閱。Subscriptions can also be created programmatically. 如需詳細資訊,請參閱以程式設計方式建立 Azure 訂用帳戶For more information, see Programmatically create Azure subscriptions.

建立資源群組Create a resource group

建立資源群組,以容納共用相同生命週期、權限及原則的 Web 應用程式、資料庫和儲存體帳戶等資源。Create a resource group to hold resources like web apps, databases, and storage accounts that share the same lifecycle, permissions, and policies.

  1. 移至資源群組Go to resource groups.
  2. 選取 [新增]。Select Add.
  3. 選取要用來建立資源群組的 [訂用帳戶]。Select the Subscription that you want your resource group created under.
  4. 輸入 [資源群組] 的名稱。Enter a name for the Resource group.
  5. 選取資源群組位置的 [區域]。Select a Region for the resource group location.

深入了解Learn more

若要深入了解,請參閱:To learn more, see:

動作Actions

建立管理群組:Create a management group:

建立管理群組,以協助您針對多個訂用帳戶管理存取、原則及合規性。Create a management group to help you manage access, policy, and compliance for multiple subscriptions.

  1. 請移至管理群組Go to Management groups.
  2. 選取 [新增管理群組]。Select Add management group.

建立其他訂用帳戶:Create an additional subscription:

使用訂用帳戶來管理成本以及由使用者、小組或專案所建立的資源。Use subscriptions to manage costs and resources that are created by users, teams, or projects.

  1. 請移至 [訂用帳戶]。Go to Subscriptions.
  2. 選取 [新增]。Select Add.

建立資源群組:Create a resource group:

建立資源群組,以容納共用相同生命週期、權限及原則的 Web 應用程式、資料庫和儲存體帳戶等資源。Create a resource group to hold resources like web apps, databases, and storage accounts that share the same lifecycle, permissions, and policies.

  1. 移至 [資源群組]。Go to Resource groups.
  2. 選取 [新增]。Select Add.
  3. 選取要用來建立資源群組的 [訂用帳戶]。Select the Subscription that you want your resource group created under.
  4. 輸入 [資源群組] 的名稱。Enter a name for the Resource group.
  5. 選取資源群組位置的 [區域]。Select a Region for the resource group location.