I encountered an issue with one of my customers that they deleted Important Resources from their Resource Groups.
Unfortunately, they don’t have any backups as well. In this Article let’s see how we can protect it from being deleted accidentally or by mistake by any one of the team members using the Azure Resource Locks
What are Resource Locks?
Resource Locks is an option in Azure that protects from resources being deleted accidentally or by mistake.
There are Two Levels of Locking Available.
- CanNotDelete means authorized people can still read and modify a resource, but they can’t delete the resource without first removing the lock.
- ReadOnly means authorized people can read a resource, but they can’t delete or change the resource. Applying this lock is like restricting all authorized users to the permissions granted by the Reader role in Azure RBAC.
Note: Once locks are applied, you will not be able to apply any delete operations. if you still looking to make changes, you can remove the locks of the Resources and then perform the operations and reapply the Locks. This applied to apply to everyone even Owners of the Resource Groups.
Resource Locks can be combined with Azure Blueprints which prevents deleting the Resource Locks. For example, you can define a blueprint that specifies that a certain resource lock must exist. Azure Blueprints can automatically replace the resource lock if that lock is removed.
Now Let’s see how can we apply it to the Resource Group Level
Step 1: Go to Azure Portal and Signin
Step 2: Go to the Resource Groups to which you want to enable Resource Locks
Step 3: Click on Add button and select the Lock type and name for the Lock and Click on OK
Step 4: You can see the Lock applied now.
Step 5: Let’s try to perform the Delete option in the Resource Group where the lock enabled
Now you can see that you will not be able to perform the Delete Operation since Lock applied.