Resource Group Locks

Resource group locks are used to prevent accidental deletion of, or changes to, resources in resource groups. There are two types of lock: CanNotDelete and ReadOnly. A lock on a resource group is inherited by the resources within the group.

For example, if you apply the CanNotDelete lock to a resource group, you cannot delete any resources within that group without first removing the lock.

Adding and removing a Lock via the portal

Navigate to the resource group, select Locks, and enter the required details.

  • Lock name – a descriptive name for the lock.
  • Lock type – either Read-only or Delete.
  • Notes – an optional area to add additional details about the lock, such as an internal reference number.

If you need to delete or change a resource at a later date and the lock prevents you, you will need to come back into the Locks section and delete the lock.

Using PowerShell to list the Locks in place on a resource group

Get-AzureRmResourceLock -ResourceGroupName myorg-app1-rg

Using PowerShell to add a Lock

New-AzureRmResourceLock -LockName lock-deletes-of-app1-resources -LockLevel CanNotDelete -ResourceGroupName myorg-app1-rg

Using PowerShell to remove a Lock

#Store the id of the lock in a variable
$lockID = (Get-AzureRmResourceLock -ResourceGroupName myorg-app1-rg).LockId

#Remove the Lock
Remove-AzureRmResourceLock -LockId $lockID
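
The remove step above leaves the group unprotected until someone remembers to add the lock back. The following added example (not part of the original page) lifts one named lock, runs a change, and always restores the lock afterwards. The function name Invoke-WithLockLifted and the storage account name are hypothetical, and the code assumes a signed-in AzureRM session and that the returned lock object exposes its level and notes under Properties.

```powershell
function Invoke-WithLockLifted {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $LockName,
        [Parameter(Mandatory)] [scriptblock] $Change
    )

    # Look the lock up by name so only this one lock is touched,
    # even when the resource group carries several locks.
    $lock = Get-AzureRmResourceLock -ResourceGroupName $ResourceGroupName `
                                    -LockName $LockName -ErrorAction Stop
    if (-not $lock) {
        throw "Lock '$LockName' not found on resource group '$ResourceGroupName'."
    }

    # Remember the settings so the lock can be recreated as it was.
    # Assumption: level and notes are exposed under .Properties.
    $level = $lock.Properties.level
    $notes = $lock.Properties.notes

    Remove-AzureRmResourceLock -LockId $lock.LockId -Force | Out-Null
    try {
        # Run the caller's change while the lock is lifted.
        & $Change
    }
    finally {
        # Runs whether the change succeeded or threw, so the group
        # is not left without its lock.
        $params = @{
            LockName          = $LockName
            LockLevel         = $level
            ResourceGroupName = $ResourceGroupName
            Force             = $true
        }
        if ($notes) { $params.LockNotes = $notes }
        New-AzureRmResourceLock @params | Out-Null
    }
}

# Usage: the storage account name is a constructed placeholder.
Invoke-WithLockLifted -ResourceGroupName myorg-app1-rg `
    -LockName lock-deletes-of-app1-resources -Change {
        Remove-AzureRmResource -ResourceGroupName myorg-app1-rg `
            -ResourceName old-storage-placeholder `
            -ResourceType Microsoft.Storage/storageAccounts -Force
    }
```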

Using AzureCLI to add a Lock

az lock create --name lock-deletes-of-app1-resources --lock-type CanNotDelete --resource-group myorg-app1-rg