In this article, I will be explaining Azure Resource Locking options provided by Azure Resource Manager. In my previous article, I have explained resource groups and the step-by-step guide to create and delete them. It is good if you know resource groups to understand the Resource lock options available better.
In any environment, there is always a chance of accidental deletion or modification of a resource. To avoid that, we use locking options available in Azure. There are two types of locking options available in the Azure portal: “Delete” and “Read-only.” You can apply a lock at the resource level, i.e., e.g., a VM, disk, storage account, etc., or a resource group level where different types of resources are allocated to a group or at subscription level according to your preference. Let’s go ahead and understand what each option does and how we can use it to our needs.
Delete Lock: If you apply to delete lock on any resource/instance, portal users will not be able to delete that particular resource, but they will modify that particular resource. When a delete lock is applied over a storage account, it does not prevent data within that account from being modified or deleted. Users will modify the data; only the account to which the lock has been applied will be prevented from accidental deletion.
Read-Only: When it comes to read-only, portal users will be neither able to delete that resource nor make any modifications if it is applied. Like Delete lock, When a read-only lock is applied over a storage account, it does not prevent data within that account from being modified or deleted. Users will modify the data; only the account to which the lock has been applied will be prevented from accidental deletion.
| Lock Type | Can you Delete it? | Can you Modify it? |
| Delete | No | Yes |
| Read-only | No | No |
NOTE! The child’s resources inherit Locks. If two different locks are applied, then the most restrictive lock takes precedence.
Azure Resource Locking Options | Step by Step Guide
Let’s look at the step-by-step procedure of creating and applying locks on any resource. Here I am taking an example of a Resource Group.
- Login to the Azure Portal.
- Go to the resource group on which you would like to apply the lock.
- In the left navigation pane Click Lock.
4. Click Add.
5. Provide a name for the lock; I have selected lock type Delete and Click on Ok.
6. Lock will be applied and visible as below. Since it is a Delete lock, you should create a resource and allocate it to the resource group where the lock is applied. Let’s go ahead and try that. Click on Overview on the left pane.
7. Click Create
8. To keep it simple, I am trying to create a storage account to see if we can make any modifications. Click Create.
9. Click Review + Create after providing the necessary details.
10. Click Create once the Validation is passed.
11. Once the resource is created, you should see it in the group you allocated, as shown below.
12. Now, let’s try to delete the existing lock and create a Read-Only Lock to see how it behaves—go-to Locks.
13. Click Delete on the existing lock, and the lock will disappear.
14. Click Add again to apply the read-only lock.
15. Select read-only lock type and provide all the details to create a new lock.
16. Once the lock is applied, Click Overview from the navigation pane and click Create.
17. Type Storage Account in the search bar and click create. Now that you have applied a read-only lock, you should not make any modifications to the group.
18. Click Review + Create after providing all the details.
19. you will see that the validation failing because a read-only lock has been applied.
20. Now, let’s try and deleting the resource where the lock is applied; go to the resource group, and click Delete Resource Group.
21. Click Delete once all the details are provided.
22. You will see it throwing an error saying deletion failed because a lock has been applied. Irrespective of the lock, you will not be able to delete the resource.
So, these were the Azure resource locking options available in the portal, their behavior, and the procedure to create and delete them.
Resources
- Understanding Azure Resource Locking Options
- Azure Portal Walkthrough
- Understanding Azure Resource Groups and step-by-step guide to create and delete