In my previous blog post Lock Azure resources to prevent accidental deletion, I showed how to add a lock to a resource with an ARM template to protect it from accidental deletion. When you want to delete the resource, you first need to remove the lock. A lock cannot be removed with an ARM template. To remove the lock you can use:
- Rest API
Continue reading “Remove locks from Azure resources”
How a lock can prevent user from accidental deletion of a resource.
In some cases you want to protect critical resources from accidental deletion. Some examples are a storage account with source data for processing, a Key Vault with disk encryption keys, or another key component in your infrastructure. When losing some resources that are key in your infrastructure, recovery can be dramatic. Resource Manager locks will enable you to protect these critical resources from deletion.
Resource Manager locks
Resource Manager locks apply to the management function of the locked resources. The locks do not have any impact the normal functions of the resource. You have two possible types of locks on a resource:
Locking down a resource can save your contributors from accidently delete a critical resources. An ‘oeps… I deleted the wrong resources’ moment should be a thing of the past.
CannotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Continue reading “Lock Azure resources to prevent accidental deletion”