Azure apps/resources locks to prevent changes

Azure apps/resources locks to prevent changes

 

Issue:

·       How can I lock my azure apps so that others can’t update/modify it?

·       Read only azure resources are possible?

·       I want other member in my team should not be able to update my resources.

·       Prevent accidental changes.

 

Solution:

 

To be very frank, this is a valid ask from anyone. If I have a big team size but I want them to provide them only read-only access or they should not be able to delete anything.

 

The good news is, you don’t have to do much for this. Azure provides you this feature which just have to be enabled by you and this feature name is “LOCKS”.

 

You can check in below screen shot which is for Azure app service, but you can use it for any other azure resources,

Lock resources to prevent unexpected changes



Types of Lock

  •          ReadOnly
  •          CanNotDelete

ReadOnly lock means nobody can update or delete except then authorized users. You can relate this lock with Reader RBAC role.

CanNotDelete as names says you can not delete the resource but modify and read only.

 

Important Points

·       Locks can be applied at Subscription, resource group or at resource level.

·       If you apply locks at subscription level, then all resource within that will have same lock inherited

·       If you don’t want to apply lock at subscription level, then you can apply at individual resource also.

·       In a nutshell, parent resource lock is being inherited by child resources also.

·       Locks can be applied through other mechanism also like,

o   PowerShell

§  New-AzResourceLock

o   CLI

§  az lock

o   Rest API

§  PUT https://management.azure.com/{scope}/providers/Microsoft.Authorization/locks/{lock-name}?api-version={api-version}

o   ARM Template

 

How to apply lock from portal

Applying locks from the porta is the easiest approach.

You can refer below screen.

Step 1: Click on locks

Step 2: Click on Add

Step 3: Select Lock Type

Step 4: Provide lock name

Step 5: Provide some description in notes section like purpose of this lock

Step 6: Click on OK

And You are done.

Lock resources to prevent unexpected changes

 Hope this helps.

 

Please refer below URL for more details about Locks,

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

 


No comments:

Post a Comment