Resource Group Locks
Resource group locks are used to prevent accidental deletion or changes to resources in resource groups. There are two types of locks CanNotDelete and ReadOnly. Locks on a resource group will inherit down to the resource within the group.
For example, if you apply the CanNotDelete lock to a resource group you cannot delete any resources within that group without first removing the lock
Adding and removing a Lock via the portal
Navigate to the resource group select Locks and enter the required details.
- Lock name – a descriptive name you you,
- Lock type – either by Read-only or Delete.
- Notes – an optional area to add addition details above the lock, an internal reference number maybe
If you need to delete or change a resource at a later date and the lock prevents you you will need to come back into the locks section and delete the lock.
Using PowerShell to list the Locks in place on a resource group
Get-AzureRmResourceLocak -ResourceGroupName myorg-app1-rg
Using PowerShell to add a Lock
New-AzureRm-ResourceLock -LockName lock-deletes-of-app1-resources -LockLevel CanNotDelete -ResourceGroupName myorg-app1-rg
Using PowerShell to remove a Lock
#Store the id of the lock in a variable $lockID = (Get-AzureRmResourceLocak -ResourceGroupName myorg-app1-rg).LockId #Remove the Lock Remove-AzureRmResourceLock -LockId $lockID
Using AzureCLI to add a Lock
az lock create --name lock-deletes-of-app1-resources --lock-type CanNotDelete --resource-gorup myorg-app1-rg