Quickstart: Create a management group with Go
Management groups are containers that help you manage access, policy, and compliance across multiple subscriptions. Create these containers to build an effective and efficient hierarchy that can be used with Azure Policy and Azure Role Based Access Controls. For more information on management groups, see Organize your resources with Azure management groups.
The first management group created in the directory could take up to 15 minutes to complete. There are processes that run the first time to set up the management groups service within Azure for your directory. You receive a notification when the process is complete. For more information, see initial setup of management groups.
Prerequisites
If you don't have an Azure subscription, create a trial subscription account before you begin.
An Azure service principal, including the clientId and clientSecret. If you don't have a service principal for use with Azure Policy or want to create a new one, see Azure management libraries for .NET authentication. Skip the step to install the .NET Core packages as we'll do that in the next steps.
Any Microsoft Entra ID user in the tenant can create a management group without the management group write permission assigned to that user if hierarchy protection isn't enabled. This new management group becomes a child of the Root Management Group or the default management group and the creator is given an Owner role assignment. Management group service allows this ability so that role assignments aren't needed at the root level. When the Root Management Group is created, users don't have access to it. To start using management groups, the service allows the creation of the initial management groups at the root level. For more information, see Root management group for each directory.
Note
Before you can use Azure CLI in Microsoft Azure operated by 21Vianet, please run az cloud set -n AzureChinaCloud
first to change the cloud environment. If you want to switch back to Azure Public Cloud, run az cloud set -n AzureCloud
again.
Add the management group package
To enable Go to manage management groups, the package must be added. This package works wherever Go can be used, including bash on Windows 10 or locally installed.
Check that the latest Go is installed (at least 1.15). If it isn't yet installed, download it at Golang.org.
Check that the latest Azure CLI is installed (at least 2.5.1). If it isn't yet installed, see Install the Azure CLI.
Note
Azure CLI is required to enable Go to use the
auth.NewAuthorizerFromCLI()
method in the following example. For information about other options, see Azure SDK for Go - More authentication details.Authenticate through Azure CLI.
az login
In your Go environment of choice, install the required packages for management groups:
# Add the management group package for Go go install github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2020-05-01/managementgroups@latest # Add the Azure auth package for Go go install github.com/Azure/go-autorest/autorest/azure/auth@latest
Application setup
With the Go packages added to your environment of choice, it's time to set up the Go application that can create a management group.
Create the Go application and save the following source as
mgCreate.go
:package main import ( "context" "fmt" "os" mg "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2020-05-01/managementgroups" "github.com/Azure/go-autorest/autorest/azure/auth" ) func main() { // Get variables from command line arguments var mgName = os.Args[1] // Create and authorize a client mgClient := mg.NewClient() authorizer, err := auth.NewAuthorizerFromCLI() if err == nil { mgClient.Authorizer = authorizer } else { fmt.Printf(err.Error()) } // Create the request Request := mg.CreateManagementGroupRequest{ Name: &mgName, } // Run the query and get the results var results, queryErr = mgClient.CreateOrUpdate(context.Background(), mgName, Request, "no-cache") if queryErr == nil { fmt.Printf("Results: " + fmt.Sprint(results) + "\n") } else { fmt.Printf(queryErr.Error()) } }
Build the Go application:
go build mgCreate.go
Create a management group using the compiled Go application. Replace
<Name>
with the name of your new management group:mgCreate "<Name>"
The result is a new management group in the root management group.
Clean up resources
If you wish to remove the installed packages from your Go environment, you can do so by using the following command:
# Remove the installed packages from the Go environment
go clean -i github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2020-05-01/managementgroups
go clean -i github.com/Azure/go-autorest/autorest/azure/auth
Next steps
In this quickstart, you created a management group to organize your resource hierarchy. The management group can hold subscriptions or other management groups.
To learn more about management groups and how to manage your resource hierarchy, continue to: