Step 6 - Creating the Azure Resource Group

SPARK utilizes Azure resources which are configured within an Azure Resource Group.

Requirements

An Azure Subscription or Tenant Administrator will be required for this step.1 At minimum the person creating the Resource Group must have:

  • Access to the Azure Government Portal
  • The Owner or Contributor Privileged Azure RBAC Role for the Azure Subscription
  • (If Contributor), add the Role Based Access Control Administrator RBAC Role for the Azure Subscription 2

Steps to complete:

Step 1. Create the SPARK Resource Group

  1. Sign into the Microsoft Azure Portal

Use the correct URL for your environment:

Azure Worldwide (Commercial) & GCC https://portal.azure.com
Azure Government GCC-High and DoD https://portal.azure.us


  1. Expand the left navigation menu

  2. Hover over Resource Groups, then in the fly-out click + Create to create the Resource Group

Add Resource Group

  1. On the Basics tab, in the Subscription field, select the Subscription to create the Resource Group in.

  2. In the Resource Group name field, enter a name for the SPARK Resource Group:
    e.g. (OrgName)-SPARK-rg (OrgName) is defined by the organization’s naming convention</small>

  3. In the Region field, select the region to deploy the Resource Group to.

We highly recommend deploying all SPARK resources into the same region. Prior to deployment, verify you have available quota and usage for the desired region.

  1. Select Review + Create

  2. Click on Create to create the resource group

Create Resource Group

📎 WRITE THIS DOWN!!

FILL IN THE FOLLOWING VALUES INTO THE SPARK DEPLOYMENT WORKBOOK!

  • v_ResourceGroupName: = (OrgName)-SPARK-rg (The full resource group name)
  • v_location: = e.g. USGovVirginia (The region selected for the resource group)

Step 2: Configure Resource Group

  1. Expand the left navigation menu

  2. Hover over Resource Groups, then in the fly-out then click 👁️ View to create the Resource Group

  3. Click on View to view your Resource Groups

View Resource Group

  1. Click your *-SPARK-rg resource group

  2. In the left menu, click Access control (IAM)

  3. In the top navigation, Click +Add and then select the Add role assignment

Add Role Assignment

  1. On the Role tab, select Privileged administrator roles and select the Owner role

  2. Click on Next

Configure Role

  1. On the Members tab, select + Select Members

  2. Search for and select the SPARK System Admins group

  3. Click on Select, then Next

Configure Members

  1. On the Conditions tab:

    In the What the user can do section, ensure the Allow user to only assign selected roles to selected principals (fewer privileges) option is selected.

  2. In the Condition section, click on + Select roles and Principals

Configure Conditions

  1. On the Add role assignment condition tab: Under Constrain roles, select Configure

  2. From the right fly-out pane, click on + Add role

Configure Constrain Roles

  1. Select the Privileged administrator roles tab

  2. Select Owner and click on Select

  3. Click on Save to configure the role

  4. Click on Save to save the role assignment

  5. Click on Review + assign to jump to the last configuration step

  6. Finally, click on Review + assign to configure the role assignment

Select Role
{: .warning-title} > > YOU HAVE COMPLETED THE SPARK PRE-DEPLOYMENT STEPS! > > ⛔ **DO NOT CONTINUE ON TO THE DEPLOYMENT PHASE WITHOUT A MEMBER OF THE SPARK DEPLOYMENT TEAM!**

References

  1. Reference Link - Use the Azure portal and Azure Resource Manager to manage resource groups 

  2. Reference Link - Azure roles, Microsoft Entra roles, and classic subscription administrator roles