organizing is great and all, but
how can you protect your resources from accidental deletion or modification?
A resource lock is a setting that can be applied to a resource to block modification or deletion.
Resource locks are applied on the azure management rest API, which means that they cannot be bypassed.
All management tools like the portal as your power shall CLI and SdK s submit requests via the management. A P s
resource locks can be of two types.
delete resource locks. Prevent a resource from being deleted while read only resource locks disallow modification of the resource.
You need to be careful with the read only resource locks because they may have unexpected side effects on certain resources.
For example, read only resource locks will prevent users from retrieving the access keys of a storage account.
Resource locks will work regardless of the role based access control settings and add an additional preventative step.
If you have full modification rights on a resource, you are required to remove the resource lock before you can make any modifications.
This prevents accidental modifications, even if by admins something that actually happens more often than you'd think,
Let's see how resource locks work in practice.
We'll start by finding the resource that we would like to protect.
If you have used it recently, you can click on the resource from the home page. Or you can follow the usual path through resource groups
inside the resource group, and by clicking on the resource
here on the left side, you will see the option locks.
Alternatively, you can also just search for locks in the search box.
I will click on the locks option, and as you can see, we don't have any locks. Apply to the resource Right now.
I can click on the add button and name the lock. Let's say this is the Do not delete lock.
The lock type will be delete.
I can add a note and prevent the resource from being deleted.
Once I click. OK, this resource lock will be applied to the virtual network.
let's see what we can do with the virtual network.
I would like to add additional subnets. I can go and click on other sub Net. I'll call it public.
I'll choose another C i. D E r.
and as you can see the resource lock does not prevent us from modifying the resource.
Let's try to delete the resource. Now I'll go to the overview tab and I'll say, Delete.
I'll confirm that I want to delete it and as you can see, it fails the deletion because the resource lock is applied.
It says, Please remove the lock and try again.
We can go back and remove the lock.
And now if I go back to overview and try to delete the resource, everything will go without a problem.
As you can see, the resource can be deleted after we remove the resource lock.
Now you know how you can use resource locks to protect your resources.