A resource lock in Azure is a tool designed to prevent resources from being accidentally deleted or changed. Even if you have role-based access control (RBAC) policies in place, there is still a risk that someone with the right permissions could delete or modify important resources. Resource locks add an extra layer of protection to ensure the safety of your critical cloud resources.
Types of Resource Locks
There are two types of resource locks in Azure:
Delete Lock:
- Users with the right permissions can read and modify the resource.
- Users cannot delete the resource.
ReadOnly Lock:
- Users with the right permissions can read the resource.
- Users cannot delete or update the resource.
- This is similar to the permissions granted by the Reader role.
Applying Resource Locks
Resource locks can be applied at different levels:
- Individual Resource: Lock a specific resource.
- Resource Group: Lock all resources within a group.
- Subscription: Lock all resources within a subscription.
Locks are inherited, so if you place a lock on a resource group, all resources within that group will also be locked.
Managing Resource Locks
You can manage resource locks using various methods:
- Azure Portal: Go to the Settings section of any resource’s Settings pane to view, add, or delete locks.
- PowerShell: Use PowerShell commands to manage locks.
- Azure CLI: Use the Azure Command-Line Interface (CLI) to manage locks.
- Azure Resource Manager Template: Define locks within a template for deployment.
Deleting or Changing a Locked Resource
To delete or change a locked resource, you need to follow a two-step process:
- Remove the Lock: You must first remove the lock from the resource.
- Perform the Action: After removing the lock, you can delete or update the resource as needed.
Even if you are the owner of the resource, you must remove the lock before performing any action that the lock prevents.
Resource locks in Azure provide an important safeguard against accidental deletions or modifications of critical resources. By using resource locks, you can ensure that your cloud environment remains secure and stable, preventing unwanted changes and maintaining control over your resources. Whether you manage them through the Azure portal, PowerShell, CLI, or templates, resource locks are a simple yet effective way to protect your infrastructure.
For more detailed guidance on managing resource locks, visit the Microsoft Azure documentation.
