Using Locks on Microsoft Azure
Resources in the cloud are effortless to manage, but the actions performed on them need to be observed meticulously, since accidental or unwanted modifications to your resources might result in higher billing. That’s why cloud service providers offer locks, which prevent accidental deletion or modification of critical resources and help the administrator keep control.
In this article, we will learn to use resource group locks on Microsoft Azure.
Resource Group Locks
Azure provides two locks at the resource group level.
- Delete: users will be able to access the resource (read and modify) but won’t be able to delete it.
- ReadOnly: users will be able to read a resource but won’t be able to modify or delete it (similar to granting users the Reader role).
Locks are inherited: if you apply a lock at a parent level, all the resources within that scope automatically inherit the lock. When more than one lock applies, the most restrictive lock in the inheritance takes precedence.
Nature of the Lock
The nature of a lock comes from how it operates: applying a lock prevents changes to a resource, but it doesn’t restrict the resource from performing its own functions. For example, a ReadOnly lock on a server prevents you from deleting or modifying the server. It doesn’t prevent you from creating, updating, or deleting data within the server. You must be a resource Owner or an Administrator (e.g. User Access Administrator) to apply locks on the resource group.
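The inheritance and precedence rules described above can be checked with a small model. This is an added example, not Azure's implementation or code from the original article: the function names, the subscription ID and the resource names are constructed, and CanNotDelete is the API name of the lock the portal lists as Delete.

```python
# Simplified model of Azure lock inheritance (added example, not Azure's code).
# Assumes resource-group-scoped IDs of the form
# /subscriptions/<id>/resourceGroups/<rg>/providers/<ns>/<type>/<name>[/<type>/<name>...]
RANK = {None: 0, "CanNotDelete": 1, "ReadOnly": 2}  # higher = more restrictive

def ancestor_scopes(resource_id):
    """Return every scope whose locks apply to resource_id (itself included)."""
    parts = resource_id.strip("/").split("/")
    # Subscription = 2 segments, resource group = 4, each resource level adds 2.
    cuts = [2, 4] + list(range(8, len(parts) + 1, 2))
    return ["/" + "/".join(parts[:n]).lower() for n in cuts if n <= len(parts)]

def effective_lock(resource_id, locks):
    """locks is a list of (scope, level); the most restrictive inherited level wins."""
    scopes = set(ancestor_scopes(resource_id))
    level = None
    for scope, lock_level in locks:
        if scope.rstrip("/").lower() in scopes and RANK[lock_level] > RANK[level]:
            level = lock_level
    return level

def is_blocked(resource_id, operation, locks):
    """operation is 'read', 'write' or 'delete' on the resource itself.
    Data stored inside the resource is outside the scope of this model."""
    level = effective_lock(resource_id, locks)
    if level == "ReadOnly":
        return operation in ("write", "delete")
    if level == "CanNotDelete":
        return operation == "delete"
    return False

# Constructed sample data: placeholder subscription ID and hypothetical names.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-demo"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
OTHER = SUB + "/resourceGroups/rg-other/providers/Microsoft.Storage/storageAccounts/st1"
LOCKS = [(SUB, "CanNotDelete"), (RG, "ReadOnly")]

if __name__ == "__main__":
    for rid in (VM, OTHER):
        print(rid.rsplit("/", 1)[-1], effective_lock(rid, LOCKS),
              {op: is_blocked(rid, op, LOCKS) for op in ("read", "write", "delete")})
```

Here vm1 inherits both locks and ends up ReadOnly, while st1 in the other resource group only inherits the subscription-level CanNotDelete lock.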
How to apply a lock
Let’s see how to apply a lock to a resource group. Open portal.azure.com and go to Resource groups to apply a lock, as shown below.
Add a lock by providing a name and a lock type, as shown in the image below.
The applied locks should now be reflected in the list.
Let’s check whether the locks are working as desired. We tried to create a new Virtual Machine within a resource group containing a ReadOnly lock.
Also, since the Delete lock is applied to this resource group, we won’t be able to delete any resource and would receive a notification for a failed action.
In conclusion, locks are an excellent approach to preventing accidental modification of resources in the cloud. 😉