Considering Using Azure Resource Groups for Organizing Software Solutions and Environments

We’ve beginning to consider using Azure Resource Groups for various things. Because we’re still new at this I’m doing what training I can of my coworkers, such as suggesting it isn’t a good idea to have one Azure Key Vault with all the connection strings for all the 200+ applications we’ve got. I’m suggesting one resource group per software solution.

But one question has come up and I don’t know what would be the best path to take. Some managers are suggesting having separate resource groups for test, development, and production of each software solution. I don’t think that’s the correct way to go, but I’d love to get your feedback on this, please.

We use separate azure subscriptions for each environment, for each solution (DTAP). Then we have resource groups for logical separation of resources within the subscription such as networking, secret management, compute, storage etc.

So let’s say solution x (crm system) would have 4 azure subscriptions, on for each of D T A and P. That subscription would then be subdivided in resource groups based on whatever makes sense as a structure for that solution, such as separation between networking and compute etc.

Solution Y (customer portal) would then have it’s own 4 separate azure subscriptions for example.