Lue englanniksi Muokkaa

Jaa

Quickstart: Create a management group with Python

  • Artikkeli

Management groups are containers that help you manage access, policy, and compliance across multiple subscriptions. Create these containers to build an effective and efficient hierarchy that can be used with Azure Policy and Azure Role Based Access Controls. For more information on management groups, see Organize your resources with Azure management groups.

The first management group created in the directory could take up to 15 minutes to complete. There are processes that run the first time to set up the management groups service within Azure for your directory. You receive a notification when the process is complete. For more information, see initial setup of management groups.

Prerequisites

  • If you don't have an Azure subscription, create a free account before you begin.

  • Any Microsoft Entra ID user in the tenant can create a management group without the management group write permission assigned to that user if hierarchy protection isn't enabled. This new management group becomes a child of the Root Management Group or the default management group and the creator is given an Owner role assignment. Management group service allows this ability so that role assignments aren't needed at the root level. When the Root Management Group is created, users don't have access to it. To start using management groups, the service allows the creation of the initial management groups at the root level. For more information, see Root management group for each directory.

Azure Cloud Shell

Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. You can use either Bash or PowerShell with Cloud Shell to work with Azure services. You can use the Cloud Shell preinstalled commands to run the code in this article, without having to install anything on your local environment.

To start Azure Cloud Shell:

Option Example/Link
Select Try It in the upper-right corner of a code or command block. Selecting Try It doesn't automatically copy the code or command to Cloud Shell. Screenshot that shows an example of Try It for Azure Cloud Shell.
Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. Button to launch Azure Cloud Shell.
Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. Screenshot that shows the Cloud Shell button in the Azure portal

To use Azure Cloud Shell:

  1. Start Cloud Shell.

  2. Select the Copy button on a code block (or command block) to copy the code or command.

  3. Paste the code or command into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux, or by selecting Cmd+Shift+V on macOS.

  4. Select Enter to run the code or command.

Add the Resource Graph library

To enable Python to manage management groups, the library must be added. This library works wherever Python can be used, including bash on Windows 10 or locally installed.

  1. Check that the latest Python is installed (at least 3.8). If it isn't yet installed, download it at Python.org.

  2. Check that the latest Azure CLI is installed (at least 2.5.1). If it isn't yet installed, see Install the Azure CLI.

    Huomautus

    Azure CLI is required to enable Python to use the CLI-based authentication in the following examples. For information about other options, see Authenticate using the Azure management libraries for Python.

  3. Authenticate through Azure CLI.

    Azure CLI 
    az login

  4. In your Python environment of choice, install the required libraries for management groups:

    Bash 
    # Add the management groups library for Python
pip install azure-mgmt-managementgroups

# Add the Resources library for Python
pip install azure-mgmt-resource

# Add the CLI Core library for Python for authentication (development only!)
pip install azure-cli-core

    Huomautus

    If Python is installed for all users, these commands must be run from an elevated console.

  5. Validate that the libraries have been installed. azure-mgmt-managementgroups should be 0.2.0 or higher, azure-mgmt-resource should be 9.0.0 or higher, and azure-cli-core should be 2.5.0 or higher.

    Bash 
    # Check each installed library
pip show azure-mgmt-managementgroups azure-mgmt-resource azure-cli-core

Create the management group

  1. Create the Python script and save the following source as mgCreate.py:

    Python 
    # Import management group classes
from azure.mgmt.managementgroups import ManagementGroupsAPI

# Import specific methods and models from other libraries
from azure.common.credentials import get_azure_cli_credentials
from azure.common.client_factory import get_client_from_cli_profile
from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient

# Wrap all the work in a function
def createmanagementgroup( strName ):
    # Get your credentials from Azure CLI (development only!) and get your subscription list
    subsClient = get_client_from_cli_profile(SubscriptionClient)
    subsRaw = []
    for sub in subsClient.subscriptions.list():
        subsRaw.append(sub.as_dict())
    subsList = []
    for sub in subsRaw:
        subsList.append(sub.get('subscription_id'))

    # Create management group client and set options
    mgClient = get_client_from_cli_profile(ManagementGroupsAPI)
    mg_request = {'name': strName, 'display_name': strName}

    # Create management group
    mg = mgClient.management_groups.create_or_update(group_id=strName,create_management_group_request=mg_request)

    # Show results
    print(mg)

createmanagementgroup("MyNewMG")

  2. Authenticate with Azure CLI with az login.

  3. Enter the following command in the terminal:

    Bash 
    py mgCreate.py

The result of creating the management group is output to the console as an LROPoller object.

Clean up resources

If you wish to remove the installed libraries from your Python environment, you can do so by using the following command:

Bash 
# Remove the installed libraries from the Python environment
pip uninstall azure-mgmt-managementgroups azure-mgmt-resource azure-cli-core

Next steps

In this quickstart, you created a management group to organize your resource hierarchy. The management group can hold subscriptions or other management groups.

To learn more about management groups and how to manage your resource hierarchy, continue to:

Manage your resources with management groups