Resource Groups
The presented resiliency recommendations in this guidance include Resource Groups and its associated settings.
Summary of Recommendations
| Recommendation | Category | Impact | State | ARG Query Available |
|---|---|---|---|---|
| RG-1 - Ensure Resource Group and its Resources are located in the same Region | Disaster Recovery | High | Preview | Yes |
Definitions of states can be found here
Recommendations Details
RG-1 - Ensure Resource Group and its Resources are located in the same Region
Category: Disaster Recovery
Impact: High
Guidance
Ensure your resource locations match that of the containing resource group. This ensures that, in the event of a regional outage, you will still be able to manage your resource. ARM stores resource data for resources in a resource group and, if the region is unavailable, updates to this data could fail, making the resource effectively read-only.
Resources
Resource Graph Query
// Azure Resource Graph Query
// Provides a list of Azure Resource Groups that have resources deployed in a region different than the Resource Group region
resources
| project id, name, tags, resourceGroup, location
| where location != "global" // exclude global resources
| where resourceGroup != "networkwatcherrg" // exclude networkwatcherrg
| where split(id, "/", 3)[0] =~ "resourceGroups" // resource is in a resource group
| extend resourceGroupId = strcat_array(array_slice(split(id, "/"),0,4), "/") // create resource group resource id
| join (resourcecontainers | project containerid=id, containerlocation=location ) on $left.resourceGroupId == $right.['containerid'] // join to resourcecontainers table
| where location != containerlocation
| project recommendationId="rg-1", name, id, tags
| order by id asc