Protect your infrastructure with locks
Dimitar Iliev ??
Azure AI Solutions Architect ● B. Sc. Computer Science and Engineering ● 7 x Microsoft Certified ● 23 x Microsoft Applied Skills ● Speaker ● Generative AI ● Scrum Master Certified ● 1 x GitHub Certified
What are locks?
According to the official?MS Docs (Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Docs) you can lock a subscription, resource group or a single resource to protect them from accidental deletions or modifications.
There are two types of locks that you can use:
Delete lock means users can read or modify the resource but they cannot delete it.
Read-only lock means that users can read the resource, but they cannot delete or update it.
Let's look at an example of how we can use these types of locks.
Locking a resource group
Let’s demonstrate this with a simple example by using a resource group.
Time to create our resource group. Go to the Azure portal and search for 'Resource groups'.
Click on the '+ Create' button.
Fill in the details for the group similar to the below:
Click on 'Create' and wait for the resource group to be successfully created.
After that, open the newly created resource group.
From the side menu choose 'Locks'.
Click on the '+ Add' button to add a new lock.
As we can see, we need to add a lock name (which is required), select a lock type (Read-only or Delete). Optionally we can add notes.
For this example, first we will choose a 'Delete' lock type. Set the lock name to 'can-not-delete-lock' and click 'OK'.
We have applied a lock to our resource group.
Let's now try to delete the resource group. From the top menu choose 'Delete resource group'.
Write the name of the resource group into the field and click 'Delete'.
We can see that the deletion of our resource group was unsuccessful, which confirms that our lock works correctly.
Next, let's add a tag to our resource group. Find the 'Tags' section in our resource group and click on 'edit'. In the new blade, write the name of the tag and a value. Click on 'Save'.
领英推荐
We can see that the tag was successfully applied.
Next, let's change our lock type to 'Read-only'.
Go to the lock we created earlier and click on 'Edit'.
Change the lock type to 'Read-only' and click 'OK'.
Go to the 'Tags' section, click on 'edit' and try to add a new tag. Add a name and a value similar to below and click 'Save'.
Observe that the assignment of the tag failed.
If we check the error, we can see that it says that the scope is locked, and we need to remove the lock and try again.
Let's do just that. Go to the 'Locks' and click on 'Delete' to delete our existing lock.
After the lock is deleted, let's try to add the tag again.
Go to the 'Tags' section, click on 'edit and add the following tag and click 'Save'.
We can observe that the tag was added successfully.
Final thing to do is to try and delete our resource group.
Click on the 'Delete resource group' button.
Fill in the resource group name and click 'Delete'.
Without any locks in place, our resource group was successfully deleted.
Go back to the 'Resource groups' and confirm that we are left with only one resource group just like when we started.
Perfect. We have successfully used both types of lock to protect a resource.
Thanks for sticking to the end of another article from?"Iliev Talks Tech".?#ilievtalkstech