This section introducesPowerShell scripts that can be used for the automation of resource lock management, as well as for quicker administration times. Please ensure that the Az module is installed, as per the Technical requirements section at the beginning of the chapter.
Applying a resource lock to a resource
To lock a resource, provide the name of the resource, its resource type, and its resource group name for the following script:
New-AzResourceLock -LockLevel CanNotDelete -LockName LockSite -ResourceName examplesite -ResourceType Microsoft.Web/sites -ResourceGroupName exampleresourcegroup
Now, let’s try the same for a resource group.
Applying a resource lock to a resource group
To lock a resource group, provide the name of the resource group and the type of lock to be applied using the following script:
New-AzResourceLock -LockName LockGroup -LockLevel CanNotDelete -ResourceGroupName exampleresourcegroup
This applies the resource lock to the resource group successfully.
Viewing resource locks in effect
To get information about a lock, use the Get-AzResourceLock cmdlet. To get all locks in your subscription, use the following command:
Get-AzResourceLock
Tip
Always check restrictions to prevent unexpected behaviors, such as locks preventing backup. See the following URL for more information on this:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=js on#considerations-before-applying-locks.
ARM templates
For automation or simplified administration, we can also make use of Azure Resource Manager (ARM) templates for the creation of resource locks. This is just another way toachieve the same goal. Here’s how to do this:
- When applying to an individual resource, the scope property must be specified.
- When applying to a resource group or subscription, the scope property can be omitted.
The following example JavaScript Object Notation (JSON) template code defines a lock at the resource group level:
{
“$schema”: “https://schema.management.azure.com/ schemas/2019-04-01/deploymentTemplate.json#”,
“contentVersion”: “1.0.0.0”,
“parameters”: {
},
“resources”: [
{
“type”: “Microsoft.Authorization/locks”,
“apiVersion”: “2016-09-01”,
“name”: “rgLock”,
“properties”: {
“level”: “CanNotDelete”,
“notes”: “Resource group should not be deleted.”
}
}
]
}
Tip
It’s advisable to always apply Delete locks on resource groups to prevent accidental resource deletion.
Further reading
That brings this section to an end. In this section, we have learned what resource locks are, why they are necessary, and how they work.
We encourage you to read up further by using the following link:
Microsoft documentation for resource locks: https://docs.microsoft. com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
The following link will provide some references to situations where you might want to apply resource locks within your Azure Blueprints:
Resource locks in Azure Blueprints: https://docs.microsoft.com/en-us/ azure/governance/blueprints/concepts/resource-locking
Leave a Reply