# Azure Resource Naming Conventions (3 Character Region Codes)

**Last Updated**: 2025-01-27  
**Status**: Active - Standard Convention  
**Purpose**: Azure resource naming with 3-character region codes (standard)

## Standard Naming Pattern

All Azure resources follow this standard naming convention using **exactly 3-character region codes**:

```
{cloud_provider}-{env_code}-{region_code}-{resource_type}-{purpose}-{instance}
```

> **Note**: This is the **standard convention** using exactly 3-character region codes (e.g., `wst`, `nor`, `frc`).  
> **Alternative**: See [Azure Naming Convention (2-3 Character)](AZURE_NAMING_CONVENTION_2CHAR.md) for 2-3 character codes.

> **Related Documentation**:
> - [Azure Naming Convention (2-3 Character)](AZURE_NAMING_CONVENTION_2CHAR.md) - Alternative 2-3 character region code convention

## Table of Contents

- [Standard Naming Pattern](#standard-naming-pattern)
  - [Components](#components)
  - [Examples](#examples)
- [Region Codes (3-Character Standard)](#region-codes-3-character-standard)
- [Resource Type Abbreviations](#resource-type-abbreviations)
- [Purpose Abbreviations](#purpose-abbreviations)
- [Naming Rules](#naming-rules)
- [Legacy Naming (Deprecated)](#legacy-naming-deprecated)
- [Migration Strategy](#migration-strategy)
- [Scripts and Tools](#scripts-and-tools)
- [Validation](#validation)
- [Examples](#examples-1)
  - [Production Resources (West Europe)](#production-resources-west-europe)
  - [Dev Resources (West Europe)](#dev-resources-west-europe)
  - [Legacy Resources (Deprecated)](#legacy-resources-deprecated)

### Components

- **cloud_provider**: `az` (Azure)
- **env_code**: `p` (production), `d` (dev), `t` (test), `s` (staging)
- **region_code**: **3-letter region code** (e.g., `wst` for westeurope, `nor` for northeurope)
- **resource_type**: Resource type abbreviation (e.g., `rg` for resource group, `kv` for key vault)
- **purpose**: Purpose abbreviation (e.g., `sec` for security, `comp` for compute)
- **instance**: Sequential number (e.g., `001`, `002`)

### Examples

#### Resource Groups
- Compute: `az-p-{code}-rg-comp-001`
- Network: `az-p-{code}-rg-net-001`
- Storage: `az-p-{code}-rg-stor-001`
- Security: `az-p-{code}-rg-sec-001`
- Monitoring: `az-p-{code}-rg-mon-001`
- Identity: `az-p-{code}-rg-id-001`

#### Key Vaults
- Standard: `az-p-{code}-kv-secrets-001`
- Legacy (deprecated): `azp{code}kvsecrets001` ❌

#### AKS Clusters
- Standard: `az-p-{code}-aks-main`
- Dev: `az-d-{code}-aks-dev-main`

#### Virtual Networks
- Standard: `az-p-{code}-vnet-main`

#### Subnets
- AKS: `az-p-{code}-snet-aks`
- Validators: `az-p-{code}-snet-validators`
- Sentries: `az-p-{code}-snet-sentries`
- RPC: `az-p-{code}-snet-rpc`
- Application Gateway: `az-p-{code}-snet-appgateway`

#### Network Security Groups
- Validators: `az-p-{code}-nsg-validators`
- Sentries: `az-p-{code}-nsg-sentries`
- RPC: `az-p-{code}-nsg-rpc`

#### Application Gateways
- Standard: `az-p-{code}-appgateway-main`

#### Public IPs
- Application Gateway: `az-p-{code}-appgateway-ip`

#### Log Analytics Workspaces
- Standard: `az-p-{code}-law-main`

## Region Codes (3-Character Standard)

**All region codes are now standardized to exactly 3 characters.**

| Region | Code | Full Name | Old Code |
|--------|------|-----------|----------|
| `northeurope` | `nor` | North Europe | `ne` |
| `uksouth` | `uks` | UK South | `uks` |
| `ukwest` | `ukw` | UK West | `ukw` |
| `westeurope` | `wst` | West Europe | `we` |
| `francecentral` | `frc` | France Central | `fc` |
| `germanywestcentral` | `gwc` | Germany West Central | `gwc` |
| `switzerlandnorth` | `swn` | Switzerland North | `sn` |
| `switzerlandwest` | `swt` | Switzerland West | `sw` |
| `swedencentral` | `swc` | Sweden Central | `swc` |
| `norwayeast` | `noe` | Norway East | `noe` |
| `polandcentral` | `pol` | Poland Central | `pc` |
| `spaincentral` | `spa` | Spain Central | `sc` |
| `italynorth` | `ita` | Italy North | `in` |
| `southindia` | `sin` | South India | `si` |
| `centralindia` | `cin` | Central India | `ci` |
| `westindia` | `win` | West India | `wi` |
| `belgiumcentral` | `bel` | Belgium Central | `bc` |
| `eastasia` | `eas` | East Asia | `ea` |
| `southeastasia` | `sea` | Southeast Asia | `sea` |
| `japaneast` | `jpe` | Japan East | `je` |
| `japanwest` | `jpw` | Japan West | `jw` |
| `koreacentral` | `kor` | Korea Central | `kc` |
| `koreasouth` | `kos` | Korea South | `ks` |
| `australiaeast` | `aus` | Australia East | `ae` |
| `australiasoutheast` | `ase` | Australia Southeast | `ase` |
| `newzealandnorth` | `nzl` | New Zealand North | `nzn` |
| `indonesiacentral` | `idn` | Indonesia Central | `ic` |
| `malaysiawest` | `mys` | Malaysia West | `mw` |
| `uaenorth` | `uae` | UAE North | `uan` |
| `qatarcentral` | `qat` | Qatar Central | `qc` |
| `israelcentral` | `ilc` | Israel Central | `ilc` |
| `canadacentral` | `can` | Canada Central | `cc` |
| `canadaeast` | `cae` | Canada East | `ce` |
| `brazilsouth` | `bra` | Brazil South | `bs` |
| `chilecentral` | `chl` | Chile Central | `chc` |
| `mexicocentral` | `mex` | Mexico Central | `mc` |
| `southafricanorth` | `zaf` | South Africa North | `san` |

## Resource Type Abbreviations

| Resource Type | Abbreviation | Example |
|--------------|--------------|---------|
| Resource Group | `rg` | `az-p-wst-rg-comp-001` |
| Key Vault | `kv` | `az-p-wst-kv-secrets-001` |
| AKS Cluster | `aks` | `az-p-wst-aks-main` |
| Virtual Network | `vnet` | `az-p-wst-vnet-main` |
| Subnet | `snet` | `az-p-wst-snet-aks` |
| Network Security Group | `nsg` | `az-p-wst-nsg-validators` |
| Application Gateway | `appgateway` | `az-p-wst-appgateway-main` |
| Public IP | `pip` | `az-p-wst-appgateway-ip` |
| Log Analytics Workspace | `law` | `az-p-wst-law-main` |
| Storage Account | `sa` | `az-p-wst-sa-backups-001` |
| Load Balancer | `lb` | `az-p-wst-lb-main` |

## Purpose Abbreviations

| Purpose | Abbreviation | Example |
|---------|--------------|---------|
| Compute | `comp` | `az-p-wst-rg-comp-001` |
| Network | `net` | `az-p-wst-rg-net-001` |
| Storage | `stor` | `az-p-wst-rg-stor-001` |
| Security | `sec` | `az-p-wst-rg-sec-001` |
| Monitoring | `mon` | `az-p-wst-rg-mon-001` |
| Identity | `id` | `az-p-wst-rg-id-001` |
| Secrets | `secrets` | `az-p-wst-kv-secrets-001` |
| Main | `main` | `az-p-wst-aks-main` |
| Backups | `backups` | `az-p-wst-sa-backups-001` |

## Naming Rules

1. **Use lowercase**: All names must be lowercase
2. **Use dashes**: Separate components with dashes (`-`)
3. **No underscores**: Do not use underscores in resource names
4. **No spaces**: Do not use spaces in resource names
5. **Keep it short**: Azure resource names have length limits
6. **Be consistent**: Use the same pattern across all resources
7. **Include region**: Always include region code for multi-region resources
8. **3-character codes**: All region codes must be exactly 3 characters

## Legacy Naming (Deprecated)

Some older resources may use legacy naming:
- Legacy Key Vault: `azp{code}kvsecrets001` ❌ (no dashes, old codes)
- Legacy Resource Group: `azp{code}rgsec001` ❌ (no dashes, old codes)

**Note**: Azure resources cannot be renamed. Legacy resources should be:
1. Migrated to new resources with standard naming (where possible)
2. Documented as legacy
3. Scripts should handle both patterns for backward compatibility

## Migration Strategy

For resources that cannot be renamed (e.g., Key Vaults):
1. Create new resources with standard naming (3-char codes)
2. Migrate data/secrets from legacy resources
3. Update scripts to prefer standard naming
4. Deprecate legacy resources (but keep them for reference)

## Scripts and Tools

- **Check naming**: `scripts/azure/check-naming-conventions.sh`
- **Fix naming**: `scripts/deployment/fix-resource-groups-and-keyvaults.sh`
- **List resources**: `scripts/azure/list-all-resources.sh`

## Validation

All new resources should:
1. Follow the standard naming pattern
2. Use **exactly 3-character** region codes
3. Use correct resource type abbreviations
4. Use correct purpose abbreviations

Use the validation script to check:
```bash
./scripts/azure/check-naming-conventions.sh
```

## Examples

### Production Resources (West Europe)
- Resource Group (Compute): `az-p-wst-rg-comp-001`
- Resource Group (Security): `az-p-wst-rg-sec-001`
- Key Vault: `az-p-wst-kv-secrets-001`
- AKS Cluster: `az-p-wst-aks-main`
- Virtual Network: `az-p-wst-vnet-main`
- Subnet (AKS): `az-p-wst-snet-aks`

### Dev Resources (West Europe)
- Resource Group: `az-d-wst-rg-comp-001`
- AKS Cluster: `az-d-wst-aks-dev-main`
- Key Vault: `az-d-wst-kv-secrets-001`

### Legacy Resources (Deprecated)
- Old Key Vault: `azpwekvsecrets001` (no dashes, old 2-char code)
- Should migrate to: `az-p-wst-kv-secrets-001`