Section 6 - Creating the Azure Resource Group

SPARK utilizes Azure resources which are configured within an Azure Resource Group.

Requirements

An Azure Subscription or Tenant Administrator will be required for this step.1 At minimum the person creating the Resource Group must have:

  • Access to the Azure Government Portal
  • The Owner or Contributor Privileged Azure RBAC Role for the Azure Subscription
  • (If Contributor), add the Role Based Access Control Administrator RBAC Role for the Azure Subscription 2

PowerShell Script

  1. Review the script and install the required modules if needed
  2. Review the resource group information and update the name and replace sub with the organization’s prefix avlue
  3. Run the command to get the available locations (if needed) and update the location value
  4. Run the script and validate that the resource group was created
  5. Update the SPARK deployment workbook variables from the script output
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

########################################## Required Modules ##########################################
#Install-Module Az.Resources

########################################## Resource Group ##########################################

# To get a list of available locations, run the following commands
#Get-AzContext
#Get-AzLocation | Select-Object DisplayName, Location

# The resource group
$rgInfo = @{
    name = "sub-SPARK-rg"
    location = "eastus2"
}

########################################## Connect to Azure ##########################################

# Connect to Azure
Import-Module Az.Resources
Connect-AzAccount | Out-Null;

########################################## Create Resource Group ##########################################
# Create the resource group
$rg = New-AzResourceGroup -Name $rgInfo.name -Location $rgInfo.location

########################################## Variables ##########################################
# Output the variables for the spreadsheet
Write-Host "Spreadsheet value v_location: $($rg.Location)"
Write-Host "Spreadsheet value v_resourceGroupName: $($rg.ResourceGroupName)"

########################################## Disconnect ##########################################
Disconnect-AzAccount | Out-Null;

Manual Steps:

Video Walkthrough

Step 1. Create the SPARK Resource Group

  1. Sign into the Microsoft Azure Portal

Use the correct URL for your environment:

Azure Worldwide (Commercial) & GCC https://portal.azure.com
Azure Government GCC-High and DoD https://portal.azure.us


  1. Expand the left navigation menu
  2. Hover over Resource Groups, then in the fly-out click + Create to create the Resource Group
Add Resource Group
  1. On the Basics tab, in the Subscription field, select the Subscription to create the Resource Group in.
  2. In the Resource Group name field, enter a name for the SPARK Resource Group:
    e.g. (OrgName)-SPARK-rg (OrgName) is defined by the organization’s naming convention</small>
  3. In the Region field, select the region to deploy the Resource Group to.

We highly recommend deploying all SPARK resources into the same region. Prior to deployment, verify you have available quota and usage for the desired region.

  1. Select Review + Create
  2. Click on Create to create the resource group
Create Resource Group

📎 WRITE THIS DOWN!!

FILL IN THE FOLLOWING VALUES INTO THE SPARK DEPLOYMENT WORKBOOK!

  • v_ResourceGroupName: = (OrgName)-SPARK-rg (The full resource group name)
  • v_location: = e.g. USGovVirginia (The region selected for the resource group)

Step 2: Configure Resource Group

  1. Expand the left navigation menu
  2. Hover over Resource Groups, then in the fly-out then click 👁️ View to create the Resource Group
  3. Click on View to view your Resource Groups
View Resource Group
  1. Click your *-SPARK-rg resource group
  2. In the left menu, click Access control (IAM)
  3. In the top navigation, Click +Add and then select the Add role assignment
Add Role Assignment
  1. On the Role tab, select Privileged administrator roles and select the Owner role
  2. Click on Next
Configure Role
  1. On the Members tab, select + Select Members
  2. Search for and select the SPARK System Admins group
  3. Click on Select, then Next
Configure Members
  1. On the Conditions tab: In the What the user can do section, ensure the Allow user to only assign selected roles to selected principals (fewer privileges) option is selected.
  2. In the Condition section, click on + Select roles and Principals
Configure Conditions
  1. On the Add role assignment condition tab: Under Constrain roles, select Configure
  2. From the right fly-out pane, click on + Add role
Configure Constrain Roles
  1. Select the Privileged administrator roles tab
  2. Select Owner and click on Select
  3. Click on Save to configure the role
  4. Click on Save to save the role assignment
  5. Click on Review + assign to jump to the last configuration step
  6. Finally, click on Review + assign to configure the role assignment
Select Role

YOU HAVE COMPLETED THE SPARK PRE-DEPLOYMENT STEPS!

DO NOT CONTINUE ON TO THE DEPLOYMENT PHASE WITHOUT A MEMBER OF THE SPARK DEPLOYMENT TEAM!

References

  1. Reference Link - Use the Azure portal and Azure Resource Manager to manage resource groups 

  2. Reference Link - Azure roles, Microsoft Entra roles, and classic subscription administrator roles