A lot of organizations rely on tags for organizing Azure resources. Tags are useful to contain metadata about owners, environment, function and are also very useful to keep track of costs.
When you create an Azure Databricks cluster, the service will create a managed resource group on your behalf. This managed resource group has a special role assignment linked it: a Deny Assignment for all principals:
This means that nobody in your AAD tenant, user or service principal, has the ability to make changes to the resources in that resource group. And that ability includes the ability to add/remove tags to the resource group or the resources in the resource group.
You have two options to tag this managed resource group and the resources contained in it:
- Through Azure Policy at creation time. For more info on this, check out this earlier post I made.
- By tagging the Databricks resource directly. Since Feb 10 2020, the Databricks resource will propagate any tags applied to the Databricks resource to the managed resources it created.
Let me show you an example of both. I have a policy in place that automatically tags a resource group with its creation data. You can see that tag in the screenshot below. As you can also see, there are no custom tags applied to this resource group:
Let’s now try to add additional tags to this. To achieve this, you’ll need to tag the Databricks resource itself. I added a tag to the Databricks resource called newtag:
This tag gets automatically added to the managed resource group:
And also to all the underlying resources:
Summary
In this post I quickly explained how you can tag the resources created by a Databricks. You need to tag the Databricks resources, and that will propagate any tags to the managed resources it created.