@sc2317
Hi , you're welcome
From my experience i've seen two patterns :
- Group resources sharing the same lifecycle . It can be an application or a solution so you have all the components in the same resource group .
- Group resources by area so you will have monitoring tools in the same rg the security tools in other the networking tools or components in a different one . The idea behind is to leverage Role based access control and provide least privilege. For example a network engineer should able to manage networking components only and nothing else .
The subscription is at an higher level so you can have subscription for each environment
Dev Preprod Prod for example and in each subscription have the relevant resource groups whether they belong to this or that environment .Since there is a quota for some resources per subscription one subscription may not be enough ( Thousand and thousand of vms or containers) but you can still differenciate prod and non prod subscriptions and for the billing purpose it's quite interesting.
