Is it wrong to have multiple environments all in the same resource group?

Is it “Wrong” to have multiple environments all in the same resource group?

such as dev, staging, and production using the same group

We don’t even have them in the same subscription. Some environments even have their own aad tenants

Resource groups are free, what’s the benefit to not using them to split out your resources?

We almost only put resources in the same resource group when they cannot exist independently. For example storage (sql) and hosting (iaas, aks etc) do not go in the same resource group because hosting is ephemeral. It can be destroyed and recreated at any time. Storage not so much. Which means they do not have the same life cycle and are thus (according to our practices) not allowed in the same resource group.

Hell some even use Management Groups to manage the Dev/Prod/Staging subscriptions too.

Is there much danger to moving a resource to another resources group? (in this case a data factory)

What value were you trying to gain by smashing everything into one RG?

Data factory supports resource group moves. I didn’t find any known issues with it. But to be safe you should always trial in a test environment.

I thought it might simplify networking and cause less issues. for instance I have multiple data factories trying to connect to an IR in a VNET. I wasn’t sure if having different resources groups would impact that,

It does not. What is a thing for some resources is the resource group location.

For me the “Wrong” manifests itself when you try to remove some of the resources. Put three VMs, each with their own IP, Disk, whateverelseitneeds in a single resource group and then try to delete one of them (via az cli if you’re a masochist) :slightly_smiling_face:

You would probabaly at least want to have 2 subscriptions. One for “production” environments and one for “non-production environments”. Reason for this is ability to separate access and ability to restrict access. And secondly you can base a subscription on a different MS Offer. We tend to use the Enterprise Dev/Test Offer for our non-prod and the Enterprise Agreement Offer for prod. It boils down to cost, same resources in a subscript based on Ent Dev/Test costs less then those in a Ent Agreement based subscription.

We tend to keep 1 Resource group for 1 Environment so we have like 6 non prod environments we place them all in the non prod subscription, each environment and all its resource in their own resource group.

I don’t even like having them in the same subscription. Finance is much happier when I can tell them this bill is for Dev/Test and this bill is for Production an Production Support. CapEx vs OpEx

Well both subs have tags to tell finance to what cost center to attach the invoice. Thats why Tags were invented (or rather “stolen” from aws)

That works but personally don’t see the point in using tags when I can just create subscriptions

To filter in the cost center based on tags when mng / finance loot at the dashboard

You can filter by subscription

We just prefix the subscriptions with the cost center

Well subs are mainly for me to differentiate cost, managment groups and acess policy, 10 subscritions for 10 env is waaaaayyy to much management

When the cost center for ALL non prod environments is the same