Azure Naming Conventions
We follow Microsoft's Cloud Adoption Framework (CAF) naming and tagging guidance for all Azure resources. Consistent names make resources self-describing (type, workload, environment, region) and keep cost reports, RBAC, and automation predictable.
Our subscription naming (opennav-prod, etc.) already uses this convention โ see Azure Subscriptions Setup. This page is the standard to follow inside those subscriptions.
The patternโ
<resource-type>-<workload>-<environment>-<region>-<instance>
| Component | Meaning | Examples |
|---|---|---|
resource-type | CAF abbreviation for the resource | rg, st, kv, psql |
workload | App / project short code | opennav |
environment | Deployment stage | prod, nonprod, sandbox |
region | Azure region short name | eastus |
instance | Zero-padded instance number | 001 |
Example: a production resource group โ rg-opennav-prod-eastus-001.
Rules: lowercase, hyphen-separated, segments in this fixed order. Omit a segment only when it doesn't apply (e.g. globally-unique types that forbid hyphens โ see below).
Our standard valuesโ
| Slot | Allowed values |
|---|---|
Workload (org_prefix) | opennav |
| Environment | prod, nonprod, sandbox |
| Region | eastus (primary) |
| Instance | 001, 002, โฆ |
These mirror the Terraform variables in infra/azure (org_prefix, the subscriptions map keys).
Resource type abbreviations (CAF)โ
Common ones we use. Full list in the CAF abbreviation reference.
| Resource | Abbrev | Example |
|---|---|---|
| Resource group | rg | rg-opennav-prod-eastus-001 |
| Storage account | st | stopennavprodeus001 ยน |
| Key Vault | kv | kv-opennav-prod-eus ยน |
| PostgreSQL flexible server | psql | psql-opennav-prod-eastus-001 |
| App Service plan | asp | asp-opennav-prod-eastus-001 |
| Web App / App Service | app | app-opennav-prod-eastus-001 |
| Function App | func | func-opennav-prod-eastus-001 |
| Container registry | cr | cropennavprod001 ยน |
| Virtual network | vnet | vnet-opennav-prod-eastus-001 |
| Subnet | snet | snet-opennav-prod-eastus-001 |
| Network security group | nsg | nsg-opennav-prod-eastus-001 |
| Log Analytics workspace | log | log-opennav-prod-eastus-001 |
| Application Insights | appi | appi-opennav-prod-eastus-001 |
| Managed identity | id | id-opennav-prod-eastus-001 |
| Management group | mg | mg-opennav-platform |
| Databricks workspace | dbw | dbw-opennav-prod-eastus-001 |
Databricks managed resource group. Creating a Databricks workspace auto-creates a second, Azure-managed resource group named
databricks-rg-<workspace>-<hash>(holding the workspace's VNet, storage, NAT gateway, etc.). You don't name or manage that one โ Azure owns it.
ยน Globally-unique / restricted names. Some resources have tight rules that break the standard pattern:
- Storage account โ 3โ24 chars, lowercase letters + digits only, no hyphens, globally unique. Use a compact form:
st+ workload + env + region-short + instance, e.g.stopennavprodeus001. - Key Vault โ 3โ24 chars, globally unique; hyphens allowed but keep it short.
- Container registry โ 5โ50 chars, alphanumeric only, globally unique.
When hyphens aren't allowed, drop them and shorten the region (e.g. eus for East US) โ but keep the same segment order.
Taggingโ
Every resource carries these tags (the Terraform applies them via common_tags):
| Tag | Value |
|---|---|
managed_by | terraform |
project | open-navigator |
environment | prod / nonprod / sandbox |
cost_center | engineering |
owner | resource owner |
Tags drive cost attribution and lifecycle policies โ prefer them over encoding extra metadata into names.
Region short namesโ
| Region | Long | Short |
|---|---|---|
| East US | eastus | eus |
| West US 2 | westus2 | wus2 |
| Central US | centralus | cus |
Use the long form in the standard pattern; use the short form only for hyphen-restricted names.