Script Sample - Apply Locks on Various Azure Resources

@20aman    Oct 11, 2018

Locks are a very important but little-known feature in Azure. They are available for all resources in Azure and prevent unintended operations on a particular resource.

You have two types of locks in Azure:

  1. ReadOnly - You won't be able to alter any configuration of the resource
  2. DoNotDelete - You will be able to add configurations but will not be able to remove configurations or even delete the resource

As a best practice, Do Not Delete is the lock you should apply on all critical resources in the environment. Once this lock is on a resource, even the global administrator will not be able to delete it. The only way to delete the resource is to delete the lock first and then delete the resource.

The Script Sample Details

This script sample leverages this concept of locks and uses the cmdlet below to apply the locks on various critical resources in the environment.

New-AzureRmResourceLock -LockLevel CanNotDelete -LockName DoNotDelete -ResourceName $vNet.Name -ResourceType $vNet.Type -ResourceGroupName $vNet.ResourceGroupName -LockNotes "Do Not Delete Lock" -Confirm -Force

The above command uses the New-AzureRmResourceLock cmdlet to create the Do Not Delete lock (lock level CanNotDelete) on a Virtual Network.

This script iterates through all subscriptions that your account has access to and then applies the lock to all resources of type:

  1. Virtual Network
  2. Route Tables
  3. Express Routes
  4. Virtual Network Gateways
  5. Virtual Network Gateway Connections
  6. Recovery Services Vaults (i.e. ASR Vaults)
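The iteration described above, sketched as an added example (this is not the script from the GitHub link). It assumes the AzureRM module, a session already signed in with Connect-AzureRmAccount, and the standard resource provider type names for the six resource kinds; the `-ReportOnly` switch and the `Status` column are hypothetical names introduced for this sketch.

```powershell
# Added example, not the author's script. Assumes AzureRM and a signed-in session.
# -ReportOnly (hypothetical switch) lists unlocked resources without changing them.
param([switch]$ReportOnly)

# Resource provider types for the six resource kinds listed above.
$criticalTypes = @(
    'Microsoft.Network/virtualNetworks',
    'Microsoft.Network/routeTables',
    'Microsoft.Network/expressRouteCircuits',
    'Microsoft.Network/virtualNetworkGateways',
    'Microsoft.Network/connections',
    'Microsoft.RecoveryServices/vaults'
)

foreach ($sub in Get-AzureRmSubscription) {
    Select-AzureRmSubscription -SubscriptionId $sub.Id | Out-Null

    foreach ($type in $criticalTypes) {
        foreach ($res in Get-AzureRmResource -ResourceType $type) {
            # -AtScope returns locks at or above the resource, so a lock
            # inherited from the resource group or subscription also counts.
            $existing = Get-AzureRmResourceLock -ResourceName $res.Name `
                    -ResourceType $res.ResourceType `
                    -ResourceGroupName $res.ResourceGroupName -AtScope |
                Where-Object { $_.Properties.level -eq 'CanNotDelete' }

            if ($existing) {
                $status = 'AlreadyLocked'
            } elseif ($ReportOnly) {
                $status = 'Unlocked'
            } else {
                # Creating locks needs Microsoft.Authorization/locks/* rights
                # (built-in roles: Owner or User Access Administrator).
                New-AzureRmResourceLock -LockLevel CanNotDelete -LockName DoNotDelete `
                    -ResourceName $res.Name -ResourceType $res.ResourceType `
                    -ResourceGroupName $res.ResourceGroupName `
                    -LockNotes 'Do Not Delete Lock' -Force | Out-Null
                $status = 'LockApplied'
            }

            # One row per resource, usable as an audit record.
            [pscustomobject]@{
                Subscription = $sub.Name; ResourceGroup = $res.ResourceGroupName
                Type = $res.ResourceType; Name = $res.Name; Status = $status
            }
        }
    }
}
```

Running it with `-ReportOnly` first shows which critical resources are still missing a CanNotDelete lock before any lock is created.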

Location of the Script

You can find this script on GitHub at this location: Apply-LocksOnVariousAzureResources.ps1




