Resource locks are used to protect Azure subscriptions, resource groups or resources from accidental deletions and modifications. Thus, they can be managed at subscription, resource group or resource levels.
There are two types of resource locks:
- Delete: Users can read and modify/update a resource, but they can't delete it.
- Read-only: Users can read a resource, but they can't delete or update it.
Locks can be set up via the Azure portal, template, Azure PowerShell or Azure CLI but in this tutorial, we will be using Azure portal.
PREREQUISITE
- Working computer
- Internet connection
- Microsoft Azure account + active subscription
PROCEDURE
CREATE A RESOURCE GROUP
Navigate your way on the Azure portal and create a resource group by providing a resource group name and choosing a suitable region.
Click on “Review + create” button.
Click on the “Create” button after passing validation.
CREATE A READ-ONLY LOCK
After successfully creating the resource group, click on “Go to resource group”
On the resource group page, navigate to the side menu and click on the “Settings” blade. Then click on “Locks”.
On the Lock page, click “Add”. In the pop-up menu, input a lock name and select the “Read-only” lock type.
TEST THE LOCK
We’re going to test this lock by deploying a resource in the resource group.
Hint: We expect it to be unsuccessful.
DEPLOY A RESOURCE
To make this quick and easy, deploy a storage account in the resource group we created earlier.
Click on “Review + create” button.
The “Validation failed” and error message pop-ups indicate that the Read-only lock we added to our resource group is functioning properly.
CREATE A DELETE LOCK
Navigate to the lock page of the resource group.
Click on “Edit”. In the pop-up menu, select the “Delete” lock type.
TEST THE LOCK
To test this lock, we will be deploying a resource in the resource group and try deleting it later on.
Hint: We expect a successful deployment but for the deletion to be unsuccessful.
DEPLOY A RESOURCE
Deploy a storage account in the resource group we created earlier.
Click on “Review + create” button.
Click on the “Create” button after successful validation.
DELETE DEPLOYED RESOURCE
After successful deployment of the storage account, click on “Go to resource”.
On the storage account webpage, click on “Delete”.
On the menu that pops up, we get a notification as shown.
This implies a successful implementation of a Delete lock.
Navigate to the lock page of the resource group and delete the lock.
Another attempt to delete the deployed resource or resource group should be successful.
Top comments (0)