Skip to main content
Version: Next

Task 03: Create Resource Groups

Runbook Azure

DOCUMENT CATEGORY: Runbook SCOPE: Simplified deployment — single resource group PURPOSE: Create the resource group that holds all Azure Local cluster resources MASTER REFERENCE: Microsoft Learn — Resource Groups

Status: Active

Overview

Create the single resource group that will contain all Azure Local cluster resources. In the simplified deployment model, one resource group provides the primary organizational boundary for access control, cost tracking, and lifecycle management.

What This Accomplishes

  • Resource container — single resource group for the entire Azure Local cluster
  • Access control — resource group-level RBAC boundary
  • Cost tracking — scoped cost allocation for the cluster
  • Lifecycle management — coordinated resource deployment and cleanup
Single Subscription vs Full Deployment

The single subscription deployment creates a single resource group for all cluster resources. The full deployment model uses multiple resource groups scoped by function. See the full deployment path for details.

Prerequisites

PrerequisiteDetail
SubscriptionCreated and accessible (Task 02)
PermissionsContributor or Owner role on the subscription
Authenticated Azure sessionSee Authentication
variables.ymlConfigured with subscription ID, resource group name, and region

Resource Group Reference

AttributeValueConfig Path
SubscriptionPer configvariables.yml → azure.subscriptions.lab.id
Resource Group NamePer configvariables.yml → azure_resources.resource_group_name
RegionPer configvariables.yml → cluster.location

IIC Example Values

AttributeIIC Value
Subscriptioniic-lz-azurelocal-001
Resource Grouprg-c01-azl-eus-01
Regioneastus

Target Structure

cmp-iic-root ← root MG (Task 01)
└── cmp-landing-zones-iic ← landing zone MG (Task 01)
 └── iic-lz-azurelocal-001 ← subscription (Task 02)
 └── rg-c01-azl-eus-01 ← resource group (this task)
 ├── Azure Local cluster resources
 ├── Arc-enabled servers
 ├── Key Vault
 └── Storage accounts

Variables from variables.yml

VariableConfig PathExample (IIC)
Subscription IDazure.subscriptions.lab.id(per environment)
Resource Group Nameazure_resources.resource_group_namerg-c01-azl-eus-01
Regioncluster.locationeastus

Execution Options

Azure Portal

When to use: Single deployment, prefer visual interface

Procedure

  1. Navigate to Resource Groups:
  • In Azure Portal, search for Resource groups
  • Click + Create
  1. Configure the resource group:
FieldValueSource
Subscription<subscription>variables.yml → azure.subscriptions.lab.id
Resource group<rg-name>variables.yml → azure_resources.resource_group_name
Region<region>variables.yml → cluster.location
  1. Complete creation:
  • Click Review + create → verify all fields → Create

Validation

  • Resource group appears in the correct subscription
  • Resource group name matches variables.yml
  • Region matches cluster.location

Troubleshooting

SymptomErrorResolution
Permission deniedAuthorizationFailedVerify Contributor or Owner role on the subscription
Duplicate nameResourceGroupAlreadyExistsRG already exists — verify it's in the correct subscription and region, then move on
Invalid locationLocationNotAllowedCheck Azure Policy allowed-locations constraints; confirm cluster.location in variables.yml
Subscription not foundSubscriptionNotFoundVerify azure.subscriptions.lab.id in variables.yml is correct

Next Steps

The single subscription landing zone deployment is complete. All three foundational resources are in place:

  • Root management group → landing zone management group → subscription → resource group

Proceed to the next phase of the Azure Foundation deployment.

References

PreviousUpNext
Task 02 — Create SubscriptionSingle Subscription Deployment OverviewPhase 02 — Resource Providers

Version Control

  • Created: 2026-01-15 by Hybrid Cloud Solutions
  • Last Updated: 2026-03-19 by Hybrid Cloud Solutions
  • Version: 3.0.0