When they are deployed, Azure Managed Applications create a so called “Managed Resource Group”. This resource group contains all the Azure Services that the managed application needs to function. Since this resource group is not created manually, it is not straight forward to tag this resource group. Also, when tags are added manually to the managed resource group afterwards, they get removed again on the next deployment of the managed application.
The solution is an undocumented feature (at least I did not find any documentation): When the managed application is tagged, the tags are inherited by the managed resource group. If you, e.g., create a ux4iot instance using Bicep, you can do this:
resource managedApp 'Microsoft.Solutions/applications@2021-07-01' = {
name: 'ux4iot'
kind: kind
location: resourceGroup().location
tags: {
customer: 'di'
project: '@sth'
}
plan: serviceCatalog ? null : {
name: 'standard'
product: 'ux4iot'
publisher: 'deviceinsightgmbh-4961725'
version: '2.0.0'
}
properties: {
managedResourceGroupId: managedGroupId
applicationDefinitionId: serviceCatalog ? '/subscriptions/ab92703c-7fdb-4a1e-8ea8-b402f4e2ea25/resourceGroups/ux4iot-shared/providers/Microsoft.Solutions/applicationDefinitions/ux4iot' : null
parameters: {
iotHubEventHubConnectionString: {
value: iotHubEventHubConnectionString
}
iotHubServiceConnectionString: {
value: iotHubServiceConnectionString
}
}
}
}
The managed resource group will get the tags customer and project.
This is also the behavior of AKS which has a similar situation with auto-created resource groups, see here.
Delivering excellence in IoT. We are an IoT Solution Provider for Smart Products, Connected Vehicles, Smart City, Smart Energy and Smart Production.