Azure apps/resources locks to prevent changes
Issue:
· How can I lock my
azure apps so that others can’t update/modify it?
· Read only azure
resources are possible?
· I want other member
in my team should not be able to update my resources.
· Prevent accidental
changes.
Solution:
To be very frank, this is a valid
ask from anyone. If I have a big team size but I want them to provide them only
read-only access or they should not be able to delete anything.
The good news is, you don’t have
to do much for this. Azure provides you this feature which just have to be
enabled by you and this feature name is “LOCKS”.
You can check in below screen shot
which is for Azure app service, but you can use it for any other azure
resources,
Types of Lock
- ReadOnly
- CanNotDelete
ReadOnly lock means nobody can update or delete except then authorized users. You can relate this lock with Reader RBAC role.
CanNotDelete as names says you can not delete the resource but modify and read
only.
Important Points
· Locks can be applied at Subscription, resource group or at
resource level.
· If you apply locks at subscription level, then all resource within
that will have same lock inherited
· If you don’t want to apply lock at subscription level, then you can
apply at individual resource also.
· In a nutshell, parent resource lock is being inherited by child
resources also.
· Locks can be applied through other mechanism also like,
o
PowerShell
§ New-AzResourceLock
o
CLI
§ az lock
o
Rest API
o
ARM Template
How to apply lock from portal
Applying locks from the porta is
the easiest approach.
You can refer below screen.
Step 1: Click on locks
Step 2: Click on Add
Step 3: Select Lock Type
Step 4: Provide lock name
Step 5: Provide some description
in notes section like purpose of this lock
Step 6: Click on OK
And You are done.
 |
Hope this helps.
Please refer below URL for more
details about Locks,
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
No comments:
Post a Comment