DEV Community

Cover image for MANAGING RESOURCE LOCKS IN MICROSOFT AZURE
Emmanuel Oluajo
Emmanuel Oluajo

Posted on

MANAGING RESOURCE LOCKS IN MICROSOFT AZURE

Resource locks are used to protect Azure subscriptions, resource groups or resources from accidental deletions and modifications. Thus, they can be managed at subscription, resource group or resource levels.
There are two types of resource locks:

  • Delete: Users can read and modify/update a resource, but they can't delete it.
  • Read-only: Users can read a resource, but they can't delete or update it.

Locks can be set up via the Azure portal, template, Azure PowerShell or Azure CLI but in this tutorial, we will be using Azure portal.

PREREQUISITE

  • Working computer
  • Internet connection
  • Microsoft Azure account + active subscription

PROCEDURE

CREATE A RESOURCE GROUP

Navigate your way on the Azure portal and create a resource group by providing a resource group name and choosing a suitable region.
Click on “Review + create” button.

Image description

Image description

Click on the “Create” button after passing validation.

Image description

CREATE A READ-ONLY LOCK

After successfully creating the resource group, click on “Go to resource group”

Image description

On the resource group page, navigate to the side menu and click on the “Settings” blade. Then click on “Locks”.

Image description

On the Lock page, click “Add”. In the pop-up menu, input a lock name and select the “Read-only” lock type.

Image description

TEST THE LOCK

We’re going to test this lock by deploying a resource in the resource group.

Hint: We expect it to be unsuccessful.

DEPLOY A RESOURCE

To make this quick and easy, deploy a storage account in the resource group we created earlier.

Image description

Click on “Review + create” button.

Image description

The “Validation failed” and error message pop-ups indicate that the Read-only lock we added to our resource group is functioning properly.

Image description

CREATE A DELETE LOCK

Navigate to the lock page of the resource group.
Click on “Edit”. In the pop-up menu, select the “Delete” lock type.

Image description

Image description

TEST THE LOCK

To test this lock, we will be deploying a resource in the resource group and try deleting it later on.

Hint: We expect a successful deployment but for the deletion to be unsuccessful.

DEPLOY A RESOURCE

Deploy a storage account in the resource group we created earlier.
Click on “Review + create” button.

Image description

Click on the “Create” button after successful validation.

Image description

DELETE DEPLOYED RESOURCE

After successful deployment of the storage account, click on “Go to resource”.

Image description

On the storage account webpage, click on “Delete”.

Image description

On the menu that pops up, we get a notification as shown.

Image description

This implies a successful implementation of a Delete lock.

Navigate to the lock page of the resource group and delete the lock.

Image description

Another attempt to delete the deployed resource or resource group should be successful.

Top comments (0)