Tags: azure, azure-app-configuration

In which environment should Azure app configuration be placed?


In my company we are used to using one Azure resource group per environment. Each environment includes one instance of everything the application contains, for example a Key Vault, Application Insights and several web apps. What I've interpreted from the documentation about Azure App Configuration is that one should be used for all environments. In that case: what would be a logical place to put it? In the production resource group? That doesn't sound logical as it often does not exist yet during the development start. We might also not have contributor rights in that resource group. Then should I put it into an entirely different resource group, separate from the environment resource groups? How would that work with infrastructure as code?

I've followed the basic tutorials and read the Microsoft documentation but can't find anything related to which resource group/environment to place it in.


Solution

  • We might also not have contributor rights in that resource group.

    This sounds like the biggest concern. App Configuration is great for centralizing configuration that is used among multiple apps. It becomes necessary to use multiple App Configuration instances when a security boundary is needed. Usually, dev vs production is a good example. This is because dev and production generally have different RBAC setups.

    As far as how to structure resource groups, I can't offer a one-size-fits-all solution. I imagine the best solution is one that allows the most shared use of a single App Configuration resource, without sacrificing security boundaries.
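
One way to express the one-store-per-security-boundary layout as infrastructure as code, added here as an example that is not part of the original answer: a Bicep file deployed once per boundary, each time into the resource group that boundary's team controls. The `boundary` values, the store naming scheme and the `readerPrincipalIds` parameter are assumptions, and turning off access keys with `disableLocalAuth` is a choice made for this example so that Azure RBAC is the only way in.

```bicep
// Added example, not from the original post. Deploy once per security boundary,
// into that boundary's own resource group (shared non-prod group, prod group).
targetScope = 'resourceGroup'

@description('Security boundary this store serves (assumed values).')
@allowed([
  'nonprod'
  'prod'
])
param boundary string

param location string = resourceGroup().location

@description('Object IDs of the app managed identities allowed to read this store.')
param readerPrincipalIds array

// Built-in role "App Configuration Data Reader" (data-plane read only).
var dataReaderRoleId = '516239f1-63e1-4d78-a4de-a74fb236a071'

resource store 'Microsoft.AppConfiguration/configurationStores@2023-03-01' = {
  // Hypothetical naming scheme; store names must be globally unique.
  name: 'appcs-myapp-${boundary}'
  location: location
  sku: {
    name: 'standard'
  }
  properties: {
    // No access keys: every read goes through the role assignments below.
    disableLocalAuth: true
  }
}

// Read access is scoped to this one store, so an identity granted access to
// the non-prod store gets nothing on the prod store.
resource readers 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in readerPrincipalIds: {
  name: guid(store.id, principalId, dataReaderRoleId)
  scope: store
  properties: {
    principalId: principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', dataReaderRoleId)
  }
}]

output endpoint string = store.properties.endpoint
```

Creating the role assignments requires the deploying identity to hold Owner or User Access Administrator on the target resource group, which is the same RBAC split that makes dev and production separate boundaries.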