Resource Locks

Video Activity
Time
3 hours 51 minutes
Difficulty
Beginner
CEU/CPE
4
Video Transcription
00:00
>> Organizing is great and all but how can you
00:00
protect your resources from
00:00
accidental deletion or modification?
00:00
A resource lock is a setting that can be applied to
00:00
a resource to block modification or deletion.
00:00
Resource locks are applied on
00:00
the Azure Management REST API,
00:00
which means that they cannot be bypassed.
00:00
All management tools like
00:00
the Portal, Azure PowerShell, CLI,
00:00
and SDKs, submit requests via the Management APIs.
00:00
Resource locks can be of two types:
00:00
delete or read-only.
00:00
Delete resource locks prevent
00:00
a resource from being deleted while
00:00
read-only resource locks
00:00
disallow modification of the resource.
00:00
You need to be careful with
00:00
the read-only resource locks because
00:00
they may have unexpected side effects
00:00
on certain resources.
00:00
For example, read-only resource locks will
00:00
prevent users from retrieving
00:00
the access keys of a storage account.
00:00
Resource locks will work regardless of
00:00
the role-based access control settings
00:00
and add an additional preventative step.
00:00
If you have full modification rights on a resource,
00:00
you are required to remove the resource lock
00:00
before you can make any modifications.
00:00
This prevents accidental modifications even if by
00:00
admins, something that actually
00:00
happens more often than you'd think.
00:00
Let's see how resource locks work in practice.
00:00
We'll start by finding
00:00
the resource that we would like to protect.
00:00
If you have used it recently,
00:00
you can click on the resource from
00:00
the homepage or you can follow
00:00
the usual path inside
00:00
the resource group and by clicking on the resource.
00:00
Here on the left side,
00:00
you will see the option locks.
00:00
Alternatively, you can also
00:00
just search for locks in the search box.
00:00
I will click on the locks option and as you can see,
00:00
we don't have any locks applied
00:00
to the resource right now.
00:00
I can click on the "Add" button and then the lock.
00:00
Let's say this is the do not delete lock.
00:00
The lock type will be delete.
00:00
I can add a note and prevent
00:00
the resource from being deleted.
00:00
Once I click "Okay",
00:00
this resource lock will be
00:00
applied to the virtual network.
00:00
Let's see what we can do with the virtual network.
00:00
I would like to add additional subnets.
00:00
I can go and click on other subnet.
00:00
I'll call it public.
00:00
I'll choose another CIDR.
00:00
I'll say, "Okay" and as you can see,
00:00
the resource lock does not
00:00
prevent us from modifying the resource.
00:00
Let's try to delete the resource now.
00:00
I'll go to the Overview tab and I'll say "Delete".
00:00
I'll confirm that I want to delete it and as you can see,
00:00
it fails the deletion because
00:00
the resource lock is applied.
00:00
It says, "Please remove the lock and try again."
00:00
We can go back and remove the lock.
00:00
If I go back to "Overview"
00:00
and try to delete the resource,
00:00
everything will go without a problem.
00:00
As you can see, the resource can be
00:00
deleted after we remove the resource lock.
00:00
Now you know how you can use
00:00
resource locks to protect your resources.