Preventing Azure Resource Deletion or Unexpected Changes using Locks

Preventing Azure Resource Deletion or Unexpected Changes using Locks

In your Azure environment, there could be several critical Azure resources that you don’t ever want to be deleted or modified. For an instance, deleting a SQL Azure resource, or deleting any running services from the Azure portal. Of course, no one just really doesn’t want to do it. Nevertheless, it may get deleted or modified by chance, or as an administrator or owner of the solution you want to prevent the delete or change access to other users of the same subscription or resources. You can take help of Azure Resource Locking. This will help you by ‘locking down‘ a resource or a resource group all together to prevent accidentally modifying or deleting it.

Preventing Azure Resource Deletion – Locking Azure Resource

From the Azure Portal, Open the respective Azure Resource you want to lock. In this case, we choose one Cosmos DB resource and select the Locks option from the Settings category.

Add Lock Azure Resource
Add Lock Azure Resource

Provide a Lock name and choose the type of Lock.  The lock type you can choose here it to make it read-only or restrict delete access. Let’s choose “Delete” lock and provide some additional notes for future references.

 

Lock Details for Azure Lock
Lock Details for Azure Lock

Once the above information is filled. Click on OK to proceed with Lock creation.
Once the lock is created, you can see the details of Locks as shown in the below screenshot.

 

 

Lock Created with Resource Scope
Lock Created with Resource Scope

 

Once the lock is in placed, if you and anyone who has the access to this resource try to delete it, will get a Delete Failure notification.

 

Failed To Delete Locked Azure Resources
Failed To Delete Locked Azure Resources

You need to unlock the resource before you delete. The same goes for making a read-only lock as well.

Locking Azure Resource Group

The scope of the above lock was set to “This Resource”, which mean only that attached resource is bounded with the lock. There are cases you may lock your entire resource group which is running on production. In that case, you can lock the entire resource group. It will cascade the effects to all its child resources.

Preventing Azure Resource Deletion  : Locking a Resource Group
Locking a Resource Group

Once the lock is created, if you check for the scope of this lock – it is set to “Resource Group

 

Preventing Azure Resource Deletion  : Resource Group Locking Scope
Resource Group Locking Scope

Now if you try to delete the resource group you will get a similar message like what you received for Resources

 

Preventing Azure Resource Deletion  : Deleting Prevention of Resource Group
Deleting Prevention of Resource Group

 

 

When the lock is set to “Resource Group”, if you try to delete any resources under that group you will receive following error.

 

Parent Lock Resource
Parent Locked Resource

 

Overall, this locking feature is extremely useful for Portal to lock a resource, a resources group or even a subscription to prevent other users from accidentally deleting or modifying critical resources.
Hope this helps

Abhijit Jana

Abhijit runs the Daily .NET Tips. He started this site with a vision to have a single knowledge base of .NET tips and tricks and share post that can quickly help any developers . He is a Former Microsoft ASP.NET MVP, CodeProject MVP, Mentor, Speaker, Author, Technology Evangelist and presently working as a .NET Consultant. He blogs at http://abhijitjana.net , you can follow him @AbhijitJana . He is the author of book Kinect for Windows SDK Programming Guide.

2 Comments to “Preventing Azure Resource Deletion or Unexpected Changes using Locks”

Comments are closed.